rRFQ.bat.exe

Status: finished

Submission Time: 2024-08-29 01:07:10 +02:00

Malicious

Trojan

Spyware

Evader

FormBook

Comments

Details

Analysis ID:
1500883
API (Web) ID:
1500883
Analysis Started:

2024-08-29 01:07:10 +02:00
Analysis Finished:

2024-08-29 01:19:47 +02:00
MD5:
d8c1e3d95b1091fe2736ab13b6a1f551
SHA1:
fad4a1f0c7762dcfb1f89dc748d829adf04d1c08
SHA256:
a6f06cc81ea1f32259b6d9f45e3bd8b5ceef83c78041cf87a0acde5d3fc1a5ea
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 24/38

IPs

IP	Country	Detection
38.181.21.65	United States
172.67.176.77	United States
13.248.169.48	United States
Click to see the 10 hidden entries
65.21.196.90	United States
20.2.249.7	United States
218.247.68.184	China
103.42.108.46	Australia
38.47.207.180	United States
3.82.56.39	United States
203.161.42.73	Malaysia
162.241.226.190	United States
38.47.207.120	United States
3.33.130.190	United States

Domains

Name	IP	Detection
www.yhj95.one	38.181.21.65
www.globyglen.info	0.0.0.0
www.easyanalytics.site	0.0.0.0
Click to see the 16 hidden entries
www.tyai36.top	0.0.0.0
www.oculos-mundo.shop	0.0.0.0
www.070001294.xyz	0.0.0.0
www.t95ye.top	0.0.0.0
www.xsbaour.buzz	172.67.176.77
globyglen.info	3.33.130.190
www.study-in-nyc.online	13.248.169.48
www.slyra.xyz	203.161.42.73
easyanalytics.site	162.241.226.190
070001294.xyz	65.21.196.90
www.theaji.shop	3.82.56.39
www.dfbio.net	218.247.68.184
t95ye.top	38.47.207.180
www.mbwd.store	103.42.108.46
www.km7ky4.top	20.2.249.7
tyai36.top	38.47.207.120

URLs

Name	Detection
http://www.km7ky4.top/vawg/
http://www.dfbio.net/a3cb/
http://www.theaji.shop/k0k8/
Click to see the 36 hidden entries
http://www.km7ky4.top/vawg/?6zy0=ndiCnS011YAThGiKe0XhMtizrDJnkap+Y1zL2adgKs2GEDO4R4Ug6JhxiIL8gi2o90uR400mgL0pS3sWgyH+trc4hzKTLL6ssE9b78ise0jLr2gZYMuJMPQ=&xdwpG=18SLLVVx
http://www.study-in-nyc.online/elaa/?xdwpG=18SLLVVx&6zy0=5EHhkw7Gk9WcskjF2m+zluTEUULwRJEnho0pVqPokS8fkuPhRBovWCB2khp9HoUxc3ZiWG60S4y/EPzg1S5q4JKWsHUpvvO+aQlaUhUhOA3/OrwmIjxnvv8=
http://www.globyglen.info/929i/
http://www.slyra.xyz/a50f/?6zy0=hg5OOLNO1GmnFGHUVAs8lrQkh2VlgA2cn/h0HBPyaJil0Y6U762EiRY0Efcl7yGWfRFuy1+yVwDjADcZo0Vk2I3/z1AYIowprGPiZMn+Ykx7cDyYg2sFmbQ=&xdwpG=18SLLVVx
http://www.070001294.xyz/v236/?xdwpG=18SLLVVx&6zy0=7iBEarQbb292KKDZNBnWGLUmM4Tv3cRCGlhLuBcP44Wzn7Q6OOLP6Ax3CQEjE2+7o0JMT3SrOJg7rNB4wfswlMRgsJCKtwD9eOzl37EhEWdIhPavVpLXbBs=
http://www.tyai36.top/sekn/?6zy0=1t2mY3y1Qhepf6D2y8mjmNCdmlox/lzu1LjfsanhcUDh2/EoQvGrOLmZKRSW0bpqCZ0dhAct7FCDSZdmzeJdNBZW5aCgEdYHcN+Afgs4opEEDYiOFj9xxSQ=&xdwpG=18SLLVVx
http://www.yhj95.one/l490/?xdwpG=18SLLVVx&6zy0=qpSYJ2C7Byj9PaqN8tFIFSBEt45et4Gk72Y9HSK1PCHHsiNOuUfo1qD4bn/GFJ6Ngp1w8nyqL/kbwuQLDu5Iu4a+ElBzblgAl+4y7nYRFaEZMGbnKSC7lKg=
http://www.easyanalytics.site/6ra4/
http://www.070001294.xyz/v236/
http://www.dfbio.net/a3cb/?6zy0=SG4k3LXJxaLBVrnokZwwCINb58iNppxT92GmGC1fahvzdRojKzGX1YhTe/upfccG+JnhwHX8ooWZSbn/cywsa6H9dYiGuPVz3hyIBauJdaeHWlRZg2X1jYA=&xdwpG=18SLLVVx
http://www.mbwd.store/bmmx/?xdwpG=18SLLVVx&6zy0=BlmAimsM5NrvJmn9Bb4GMA7M3v5R02t48NLcBIpymd9AkMxq4/u2ieTNAkm3OUlnO9Ccl2ImOyiTG6yVeKEZnPpPs62LwBey4dbhtHeggwRv4DHGBuyjWwE=
http://www.slyra.xyz/a50f/
http://www.xsbaour.buzz/njtb/?xdwpG=18SLLVVx&6zy0=hXE0NSVnxirspKv2u0zxJMg9FDNwq43XBcbMQjH4+U+Yn5b5e+W320jv4cqAzXdKXkd2xadBIzDYKQ4dKGRyNY/EjTZtfG9yQKB6tyAI8k9Y+HteFhQadDk=
http://www.t95ye.top/khno/?6zy0=94A8AKtXD8IgPf4T3axgQZaKVqIUXBmfNKpf7MOsiO8ueHd5wXUur3GJqxXL8I/SgNlyK1MHz+lGPaSJzDPtKEg/dgaCAxI0ZuTmJjO+0Hzymdfnkhlld7Y=&xdwpG=18SLLVVx
http://www.globyglen.info/929i/?6zy0=jkXlgknAc/7y3uZUx1ANw0VHj8Hwvge4bV7Ki46CI4CGFHg9fqq9Ozg3p2ElifgNlm0z/qyzFkvgWF5VnENSEphinbIDbaKkQqpBOZFUwMbCfwOAA3b26eQ=&xdwpG=18SLLVVx
http://www.mbwd.store/bmmx/
http://www.t95ye.top/khno/
http://www.easyanalytics.site/6ra4/?xdwpG=18SLLVVx&6zy0=PTF2G9rWCaMLEOUJAeGEYW+/b70A3B2IKNWLiulBxgjgPAAubJYW3POTOHI15G5tS9+lzDrW4iiIZd1OY5qX+r6aI4lBFXcShf7rTaU906BZ7T8zQEhxGkU=
http://www.tyai36.top/sekn/
http://www.xsbaour.buzz/njtb/
http://www.study-in-nyc.online/elaa/
https://ventraip.com.au/favicon.ico
https://duckduckgo.com/chrome_newtab
https://duckduckgo.com/ac/?q=
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://www.ecosia.org/newtab/
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.dfbio.net
https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
http://www.dfbio.net:80/a3cb/?6zy0=SG4k3LXJxaLBVrnokZwwCINb58iNppxT92GmGC1fahvzdRojKzGX1YhTe/upfccG
https://badges.ausowned.com.au/07634
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://ac.ecosia.org/autocomplete?q=

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\tmp7C08.tmp	XML 1.0 document, ASCII text	#
C:\Users\user\AppData\Roaming\EnuiGTu.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\EnuiGTu.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#

Deep Malware Analysis

rRFQ.bat.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Deep Malware Analysis

rRFQ.bat.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

rRFQ.bat.exe