
SecuriteInfo.com.Trojan.PWS.Stealer.36520.17957.18348.exe

Status: finished
Submission Time: 2024-02-01 09:34:16 +01:00
Malicious
Trojan
Evader

Tags

  • exe

Details

  • Analysis ID:
    1384625
  • API (Web) ID:
    1384625
  • Analysis Started:
    2024-02-01 10:10:21 +01:00
  • Analysis Finished:
    2024-02-01 10:21:27 +01:00
  • MD5:
    7c48b3831ea20b27eff6824e87396af9
  • SHA1:
    bc3aac63486f1a9e6790ee0685a39d44aaffad9b
  • SHA256:
    f7fa9471559849199a352292685eec73d9e069c77265912764e2efc825f99ce6
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 80
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
malicious
Score: 80
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

malicious
Score: 50/72
malicious
Score: 28/38
malicious

IPs

IP Country Detection
54.231.198.8
United States
89.187.179.111
Czech Republic

Domains

Name IP Detection
s3.amazonaws.com
54.231.198.8
geo-routing.nexuspipe.com
89.187.179.111
api.thundermods.com
0.0.0.0
setup.roblox.com
0.0.0.0

URLs

Name Detection

Dropped files

No malicious files found. See full and IOC report for all dropped files.