file.exe

Status: finished

Submission Time: 2024-05-07 05:28:06 +02:00

Malicious

Trojan

Spyware

Evader

PureLog Stealer, Vidar

Comments

Details

Analysis ID:
1437185
API (Web) ID:
1437185
Analysis Started:

2024-05-07 05:28:06 +02:00
Analysis Finished:

2024-05-07 05:33:52 +02:00
MD5:
b9773393891d9cc471cd58cac09052dd
SHA1:
784a14954c7abca7d7e2e92c60b93557238426f4
SHA256:
0a8357cb9a1d348d1c4b4ec101f2328fd43f976803bcc360525ced55fbb9aeaf
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 31/73

malicious

Score: 24/38

malicious

IPs

IP	Country	Detection
65.108.152.56	United States
104.105.90.131	United States

Domains

Name	IP	Detection
bg.microsoft.map.fastly.net	199.232.210.172
steamcommunity.com	104.105.90.131

URLs

Name	Detection
https://65.108.152.56:9000/vcruntime140.dll_7)
https://steamcommunity.com/discussions/
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Click to see the 97 hidden entries
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
https://steamcommunity.com/login/home/?goto=profiles%2F76561199680449169
http://store.steampowered.com/subscriber_agreement/
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=PyuRtGtUpR0t&l=englis
https://community.cloudflare.steamstatic.com/public/shared/javascript/toolt
https://store.steampowered.com/news/
https://steamcommunity.com/market/
https://help.steampowered.com/en/
https://t.me/r1g1o
https://65.108.152.56:9000/sqlx.dllg
https://65.108.152.56/
https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
https://steamcommunity.com/my/wishlist/
https://store.steampowered.com/about/
https://65.108.152.56:9000ing
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
https://65.108.152.56:9000/mozglue.dllEdge
https://65.108.152.56:9000/dZ
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
https://65.108.152.56:9000/7
https://65.108.152.56:9000/ng
https://65.108.152.56:9000/sqlx.dll
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en
https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
http://www.sqlite.org/copyright.html.
https://community.cloudflare.steamstatic.com/public/shared/images/r
https://65.108.152.56:9000/L~
https://store.steampowered.com/legal/
https://steamcommunity.com/workshop/
https://65.108.152.56:9000e1a3fmium
https://65.108.152.56:9000/msvcp140.dll
https://65.108.152.56:9000/
https://65.108.152.56:9000l
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
https://65.108.152.56:9000/freebl3.dll4
https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
https://store.steampowered.com/steam_refunds/
https://65.108.152.56:9000lGoogle
https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
https://store.steampowered.com/stats/
https://65.108.152.56:9000/nss3.dllData
https://65.108.152.56:9000/freebl3.dll
https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh&
https://65.108.152.56:9000el
https://65.108.152.56:9000/nss3.dllU
https://65.108.152.56:9000/softokn3.dllessionKeyBackward
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
https://65.108.152.56:9000/nss3.dllft
https://65.108.152.56:9000/nss3.dll
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=roSu
http://www.valvesoftware.com/legal.htm
https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=Wd0kCESeJquW&l=
https://steamcommunity.com/profiles/76561199680449169
https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&
https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli
https://65.108.152.56:9000/vcruntime140.dll
https://store.steampowered.com/subscriber_agreement/
https://65.108.152.56:9000
https://65.108.152.56:9000/mozglue.dll
https://store.steampowered.comv
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
https://steamcommunity.com/?subsection=broadcasts
https://duckduckgo.com/ac/?q=
https://steamcommunity.com/profiles/76561199680449169/badges
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
https://65.108.152.56:9000softokn3.dlldge
https://65.108.152.56:9000/softokn3.dll
https://65.108.152.56:9000/soft
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=2VoZa2M8Wh3k&
https://65.108.152.56:9000/D
https://65.108.152.56:9000/G
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
https://store.steampowered.com/privacy_agreement/
https://65.108.152.56:9000/msvcp140.dllt
https://www.ecosia.org/newtab/
https://duckduckgo.com/chrome_newtab
https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp
https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
https://65.108.152.56:9000/W
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://store.steampowered.com/points/shop/
https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=tIrWyaxi8A
https://65.108.152.56:9000/o
http://store.steampowered.com/privacy_agreement/
https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&

Dropped files

Name	File Type	Hashes
C:\ProgramData\AEGIJKEHCAKF\BKKFHI	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2	#
C:\ProgramData\AEGIJKEHCAKF\GDBAKK	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\ProgramData\AEGIJKEHCAKF\GHJJDG	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1	#
Click to see the 9 hidden entries
C:\ProgramData\AEGIJKEHCAKF\GHJKEH	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	#
C:\ProgramData\AEGIJKEHCAKF\HDBKJE	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4	#
C:\ProgramData\AEGIJKEHCAKF\IEHJJE	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\ProgramData\AEGIJKEHCAKF\KFIJEG	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199680449169[1].htm	HTML document, Unicode text, UTF-8 text, with very long lines (3041), with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#

file.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

file.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

file.exe