
bUHMq54m6Q.exe

  • Status: finished
  • Submission Time: 2024-05-07 01:31:09 +02:00
  • Detection: Malicious
  • Classification: Trojan, Spyware, Evader, RisePro Stealer

Tags

  • exe
  • RiseProStealer

Details

  • Analysis ID: 1437130
  • API (Web) ID: 1437130
  • Original Filename: 2cf4b5cf327757376e717ab5554b921b.exe
  • Analysis Started: 2024-05-07 01:31:24 +02:00
  • Analysis Finished: 2024-05-07 01:41:20 +02:00
  • MD5: 2cf4b5cf327757376e717ab5554b921b
  • SHA1: 020751e48f382dbd25341228e0acf66818428b12
  • SHA256: a275c369ef53eba4655ca43244e230fd7b38e45dbf25fc0b614918a58b3d07a6

Joe Sandbox

  • Detection: malicious
  • Score: 100
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • Detection: malicious
  • Score: 18/38

IPs

  • 147.45.47.126 (Russian Federation)
  • 34.117.186.192 (United States)
  • 104.26.4.15 (United States)

Domains

  • ipinfo.io (34.117.186.192)
  • db-ip.com (104.26.4.15)

URLs

  • https://t.me/risepro_bot
  • https://t.me/RiseProSUPPORT=L
  • https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll

Dropped files

  • C:\ProgramData\MPGPH131\MPGPH131.exe: PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\eK26yDxmyAbMrjg7CdmfOmj.zip: Zip archive data, at least v2.0 to extract, compression method=deflate
  • C:\Users\user\AppData\Local\Temp\NoSoV6eJxRbhlNXMC2XnYgm.zip: Zip archive data, at least v2.0 to extract, compression method=deflate