file.exe

Status: finished

Submission Time: 2024-05-12 12:46:06 +02:00

Malicious

Trojan

Spyware

Evader

PrivateLoader, Vidar

Comments

Details

Analysis ID:
1440170
API (Web) ID:
1440170
Analysis Started:

2024-05-12 12:46:06 +02:00
Analysis Finished:

2024-05-12 12:52:40 +02:00
MD5:
43b0461d2e1c77a8530d66d3e1ae0175
SHA1:
96c50c5b2d652a572e18147e213e8bea38118f94
SHA256:
d4536f1b7e5fbfdfe66be6a404147230dcff7728bc559b493d7bdd8e1adaea08
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 11/92

malicious

IPs

IP	Country	Detection
23.195.238.96	United States
65.109.242.112	United States

Domains

Name	IP	Detection
steamcommunity.com	23.195.238.96

URLs

Name	Detection
https://65.109.242.112/
https://store.steampowered.com/steam_refunds/
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Click to see the 97 hidden entries
https://store.steampowered.com/stats/
https://65.109.242.112/mozglue.dlle
https://steamcommunity.com/discussions/
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
https://65.109.242.112/mozglue.dll
https://65.109.242.112HJJ
https://65.109.242.112/softokn3.dll
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
http://store.steampowered.com/subscriber_agreement/
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=yXrh2LzpDwct&l=e
https://store.steampowered.com/news/
https://steamcommunity.com/market/
https://help.steampowered.com/en/
https://steamcommunity.com/profiles/76561199681720597eL
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
https://steamcommunity.com/my/wishlist/
https://store.steampowered.com/about/
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
https://65.109.242.112/sqlx.dll
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
https://65.109.242.112/vcruntime140.dll
https://65.109.242.112JDG
http://store.steampowered.com/account/cookiepreferences/
https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
https://ac.ecosia.org/autocomplete?q=
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
https://65.109.242.112/#
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
https://steamcommunity.com/profiles/76561199681720597
https://store.steampowered.com/
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
http://www.sqlite.org/copyright.html.
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
https://store.steampowered.com/legal/
https://steamcommunity.com/workshop/
https://65.109.242.112/nss3.dll
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
https://65.109.242.112/p
https://65.109.242.112/softokn3.dllM
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
https://t.me/talmatin
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
https://steamcommunity.com/profiles/76561199681720597/badges
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
https://steamcommunity.com/profiles/76561199681720597GL
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
http://www.mozilla.com/en-US/blocklist/
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
http://www.valvesoftware.com/legal.htm
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=ZQOnBoEs
https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
https://store.steampowered.com/subscriber_agreement/
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
https://65.109.242.112/nss3.dllMsi
https://steamcommunity.com/?subsection=broadcasts
https://duckduckgo.com/ac/?q=
https://65.109.242.112/freebl3.dllo
https://65.109.242.112
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
https://steamcommunity.com/login/home/?goto=profiles%2F76561199681720597
https://65.109.242.112/freebl3.dll
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
https://store.steampowered.com/privacy_agreement/
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
https://www.ecosia.org/newtab/
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
https://duckduckgo.com/chrome_newtab
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=qzBY
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://store.steampowered.com/points/shop/
https://steamcommunity.com/profiles/76561199681720597/inventory/
http://store.st
http://store.steampowered.com/privacy_agreement/
https://www.valvesoftware.com/en/contact?contact-person=Translation%2
https://mozilla.org0/
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
https://65.109.242.112/msvcp140.dll

Dropped files

Name	File Type	Hashes
C:\ProgramData\BGDAAKJJDAAK\mozglue.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
Click to see the 22 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199681720597[1].htm	HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators	#
C:\ProgramData\BGDAAKJJDAAK\vcruntime140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\ProgramData\BGDAAKJJDAAK\softokn3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\ProgramData\BGDAAKJJDAAK\nss3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\ProgramData\BGDAAKJJDAAK\msvcp140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\ProgramData\BGDAAKJJDAAK\AEHIEC	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2	#
C:\ProgramData\BGDAAKJJDAAK\freebl3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\ProgramData\BGDAAKJJDAAK\IIEBAF	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	#
C:\ProgramData\BGDAAKJJDAAK\IDBKKK	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2	#
C:\ProgramData\BGDAAKJJDAAK\GHCGDA	ASCII text, with very long lines (1809), with CRLF line terminators	#
C:\ProgramData\BGDAAKJJDAAK\FIDAFC	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\ProgramData\BGDAAKJJDAAK\FCFIJE-shm	data	#
C:\ProgramData\BGDAAKJJDAAK\FCFIJE	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3	#
C:\ProgramData\BGDAAKJJDAAK\ECFHCG	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11	#
C:\ProgramData\BGDAAKJJDAAK\EBAFBG	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\ProgramData\BGDAAKJJDAAK\BGDAAK	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1	#
C:\ProgramData\BGDAAKJJDAAK\AEHIEC-shm	data	#

file.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

file.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

file.exe