Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
Deep Malware Analysis
top title background image
flash

SecuriteInfo.com.HEUR.Trojan.OLE2.Agent.gen.26943.12401.msi

Status: finished
Submission Time: 2023-12-19 05:17:09 +01:00
Malicious
Trojan
Evader
LummaC Stealer

Comments

Tags

  • msi

Details

  • Analysis ID:
    1364305
  • API (Web) ID:
    1364305
  • Analysis Started:
    2023-12-19 05:17:11 +01:00
  • Analysis Finished:
    2023-12-19 05:29:23 +01:00
  • MD5:
    3e40af38940b787932d356d0b7bf4b3d
  • SHA1:
    5422afe104a7f6a2b09fc6866f776ddf5645ac83
  • SHA256:
    a9c82ebf5e801a134bfb8b38a73138738a71c2cd7f255d886330277eb9e3c4b3
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 93
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 17/90
malicious

IPs

IP Country Detection
104.21.80.57
 United States
208.95.112.1
 United States
108.181.20.35
 Canada
Click to see the 1 hidden entries
213.248.43.40
 Russian Federation

Domains

Name IP Detection
dayfarrichjwclik.fun
 104.21.80.57
slabbymenusportef.pw
 0.0.0.0
files.catbox.moe
 108.181.20.35
Click to see the 1 hidden entries
ip-api.com
 208.95.112.1

URLs

Name Detection
slabbymenusportef.pw
http://pesterbdd.com/images/Pester.png
reviveincapablewew.pw
Click to see the 34 hidden entries
http://dayfarrichjwclik.fun/api
ratefacilityframw.fun
cakecoldsplurgrewe.pw
neighborhoodfeelsa.funp
politefrightenpowoa.pwp
dayfarrichjwclik.fun
opposesicknessopw.pw
https://aka.ms/pscore6lB
http://slabbymenusportef.pw/api
https://www.thawte.com/repository0W
http://dayfarrichjwclik.fun:80/apiP
http://schemas.xmlsoap.org/wsdl/
https://contoso.com/
https://nuget.org/nuget.exe
http://files.catbox.moe/nzct1p
https://www.advancedinstaller.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://files.catbox.moe/nzct1p
http://dayfarrichjwclik.fun/
http://slabbymenusportef.pw/w2
https://www.thawte.com/cps0/
http://crl.micro
https://luajit.org/
http://dayfarrichjwclik.fun/pi
http://crl.mi
https://github.com/Pester/Pester
https://contoso.com/Icon
https://contoso.com/License
https://go.micro
http://www.apache.org/licenses/LICENSE-2.0.html
http://crl.microsoft
http://schemas.xmlsoap.org/soap/encoding/
http://ip-api.com/json/?fields=query,status,countryCode,city,timezone
http://nuget.org/NuGet.exe

Dropped files

Name File Type Hashes Detection
C:\Program Files (x86)\Cheater Pro Inc\Cheater Pro\LuaJIT.exe
 PE32+ executable (GUI) x86-64, for MS Windows
 #
C:\Program Files (x86)\Cheater Pro Inc\Cheater Pro\file
 data
 #
C:\Users\user\AppData\Local\Temp\pss270A.ps1
 Unicode text, UTF-16, little-endian text, with CRLF line terminators
 #
Click to see the 2 hidden entries
C:\Users\user\AppData\Local\Temp\scr26F9.ps1
 Unicode text, UTF-16, little-endian text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #