
BfqMll75B4.exe

Status: finished
Submission Time: 2024-01-11 18:41:05 +01:00
Malicious
Trojan
Evader
DCRat, zgRAT

Tags

  • DCRat
  • exe

Details

  • Analysis ID:
    1373262
  • API (Web) ID:
    1373262
  • Original Filename:
    b9998ad96f5218b54e4deb6385064a57.exe
  • Analysis Started:
    2024-01-11 18:41:06 +01:00
  • Analysis Finished:
    2024-01-11 18:53:22 +01:00
  • MD5:
    b9998ad96f5218b54e4deb6385064a57
  • SHA1:
    88d349af943ad9f388be4a4ebc59888103075360
  • SHA256:
    e4a811441488a49a640f234d4e514d6746ad7ea39c4f1fe750182a358acc4d0d
  • Technologies:

Joe Sandbox

Engine | Detection | Info
--- | --- | ---
Joe Sandbox | malicious | Score: 100; System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection | Score
--- | ---
malicious | 34/37
malicious |
malicious |

IPs

IP | Country | Detection
--- | --- | ---
83.220.169.42 | Russian Federation |
139.144.205.121 | United States |
139.144.205.122 | United States |

Domains

Name | IP | Detection
--- | --- | ---
geo-routing.nexuspipe.com | 139.144.205.121 |
cdn.krnl.place | 0.0.0.0 |

URLs

Name Detection
http://83.220.169.42/central/7/Db8Db/Pollwordpress/Serverauthtempdump/Auth/Server7line2/pipeDatalife/poll4/linephpdatalife.php
https://krnl.place
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0
https://fonts.nexuspipe.com
http://geo-routing.nexuspipe.comd
https://k-storage.com
https://cdn.krnl.place
https://www.certum.pl/CPS0
http://cdn.krnl.placed
http://sslcom.repository.certum.pl/ctnca.cer0:
http://foo/bar/mainwindow.baml
https://k-storage.com/krnl_bootstrapper.exe
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
http://www.sandoll.co.kr
http://cdn.krnl.place
http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
http://defaultcontainer/MainWindow.xamld
http://foo/MainWindow.xaml
http://en.w.
http://83.220.169.42/central/7/Db8Db/Pollwordpress/Serverauthtempdump/Auth/Server7line2/pipeDatalife
http://sslcom.ocsp-certum.com08
https://k-storage.com/bootstrapper/injector.dll
https://cdn.krnl.place/version.txt
https://krnl.place-https://cdn.krnl.place
https://fonts.nexuspipe.com/css2?family=Poppins&display=swap&local=false
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q
http://ocsps.ssl.com0G
http://ocsps.ssl.com0?
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
https://k-storage.com/bootstrapper/files
http://ocsps.ssl.com0
http://sslcom.crl.certum.pl/ctnca.crl0s
https://cdn.krnl.placed
http://defaultcontainer/MainWindow.xaml
http://geo-routing.nexuspipe.com
http://83.220.169.42
https://cdn.krnl.place/version.txtd
https://k-storage.com/bootstrapper/files/hashes.txt
http://foo/bar/mainwindow.bamld
https://cf-ent-cache.nexuspipe.com/static/ErrPageBackground.svg
https://k-storage.com/bootstrapper/injector.checksum
https://k-storage.com/krnl_console_bootstrapper.exe
https://fonts-cdn.nexuspipe.com
https://k-storage.com/bootstrapperChecksum.txt
https://www.ssl.com/repository0
https://krnl.place/invite
http://foo/MainWindow.xamld

Dropped files

Name | File Type
--- | ---
C:\Users\user\Desktop\mKMYaLPm.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\WaMaEDlt.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\XovBoZur.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\XrnjxpYN.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\cWihqAUE.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\ccNzRVJf.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\cfFhamnB.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\dQRICjFd.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\eEVQoxBb.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\eYUQMjZz.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\iLSZKPvW.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\iOLHTfZt.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\jIuhfPKR.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\lBJPRLvP.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\VuMbcpJS.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\mTkYKyij.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\pEPoRLtc.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\pMzGwuUh.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\qBqwnLIX.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\rDJpdeTB.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\tuGfYItV.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\uooFlreu.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\vcsNWFas.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\wCDouanR.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\wsgoKoUU.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\yefwsoen.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\zSjEdCal.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\bridgehyperPortComponentcommon\ContainerbrowserintocrtNet.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\GQXDGQVa.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Recovery\Registry.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Recovery\SjWxcKhBRmhtCXkNNOdkWGlOJs.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\Default\System.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\DCRatBuild.exe | PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\f6jb8SDyiV.bat | DOS batch file, ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\krnl_bootstrapper.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\conhost.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\AbnMnBuI.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\AkKMXoNE.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\AsueBXoK.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\BmcENGYi.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\DJZukyae.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\EweDWMWc.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Program Files (x86)\jDownloader\config\SjWxcKhBRmhtCXkNNOdkWGlOJs.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\GTPlPhzw.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\KGNuNNVT.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\KyecjeuN.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\LGhkseOk.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\MrtKUbgM.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\QzqTqtaH.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\RHucztue.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\RwSbLtpC.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\RzKJVKTZ.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\SttjhtEx.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\SwmRqKiT.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\VgdAsUAV.log | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows