
vjgg.exe

Status: finished
Submission Time: 2024-09-06 16:30:16 +02:00
Verdict: Malicious
Classification: Trojan, Spyware, Evader
Malware family: LummaC, Vidar

Tags

  • exe

Details

  • Analysis ID: 1505685
  • API (Web) ID: 1505685
  • Analysis Started: 2024-09-06 16:36:21 +02:00
  • Analysis Finished: 2024-09-06 16:46:23 +02:00
  • MD5: 20c0e4911043acdf83cd6f5818060b6d
  • SHA1: b38d5071947e729ea05caa84958b515b53da5db6
  • SHA256: 656c58153302a82bdc4994a170163628f1aedd101b0efe6471b5af0d4173c1f5

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious
Score: 19/38

IPs

IP               Country             Detection
147.45.126.10    Russian Federation
104.21.10.172    United States
149.154.167.99   United Kingdom
45.132.206.251   Russian Federation
46.29.235.52     Russian Federation

Domains

Name                  IP                Detection
gacan.zapto.org       45.132.206.251
t.me                  149.154.167.99
condedqpwqm.shop      104.21.10.172
locatedblsoqp.shop    0.0.0.0
traineiwnqo.shop      0.0.0.0

URLs

Name Detection
caffegclasiqwp.shop
https://condedqpwqm.shop/api
https://condedqpwqm.shop:443/api

Dropped files

Name / File Type (no detection recorded for any entry)

C:\ProgramData\CAKEBFCFIJ.exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\ProgramData\GDBKJDGIJE.exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_7d6ee6409036aea5d922721655e1f5bb7807612_b2132841_8d5fcb7e-e880-4406-9dba-e113c0797c12\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
C:\ProgramData\freebl3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\ProgramData\mozglue.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\ProgramData\nss3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\ProgramData\softokn3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vjgg.exe.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\mozglue[1].dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\nss3[1].dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\lnef[1].exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\vjgg[1].exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\freebl3[1].dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\sql[1].dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows