
8Hd0ZExgJz.exe

Status: finished
Submission Time: 2024-11-14 20:13:05 +01:00
Verdict: Malicious
Classification: Trojan, Spyware, Evader
Malware families: Blank Grabber, Umbral Stealer, XWorm

Tags

  • exe

Details

  • Analysis ID:
    1556022
  • API (Web) ID:
    1556022
  • Original Filename:
    073997d20ef564e271ffb2b4d86773dbf7eddfb7e9f4811b0deb798b4505e2ce.exe
  • Analysis Started:
    2024-11-14 20:13:05 +01:00
  • Analysis Finished:
    2024-11-14 20:21:49 +01:00
  • MD5:
    7198fa10a50ea9aaf6ae5c2a05af2104
  • SHA1:
    c35a2a73313e3c5ad08136e3bc583bb9bc26964c
  • SHA256:
    073997d20ef564e271ffb2b4d86773dbf7eddfb7e9f4811b0deb798b4505e2ce
  • Technologies:
    Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 23/38)
  • malicious
  • malicious

IPs

IP                Country          Detection
147.185.221.23    United States
208.95.112.1      United States
128.116.123.3     United States
104.21.93.27      United States
104.20.22.46      United States

Domains

Name                          IP                Detection
23.ip.gl.ply.gg               147.185.221.23
getsolara.dev                 104.21.93.27
edge-term4-fra2.roblox.com    128.116.123.3
www.nodejs.org                104.20.22.46
ip-api.com                    208.95.112.1
clientsettings.roblox.com     0.0.0.0

URLs

Name (Detection column empty in this extract)
https://getsolara.dev/api/endpoint.json
https://discord.com/api/webhooks/1303474825066446879/NebQ1EAeNBTUfzGkn_W4tnvKCl9pOSQ87UqZdaxri0p165SfLuSuU_8R57ng1lqsCx6o
https://contoso.com/Icon
https://getsolara.dev/asset/discord.json
http://upx.sf.net
https://github.com/Pester/Pester
http://james.newtonking.com/projects/json
http://getsolara.dev
https://discord.com;http://127.0.0.1:6463/rpc?v=11
https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
https://github.com/Blank-c/Umbral-Stealer
https://go.microso
https://gitlab.com/cmd-softworks1/a/-/snippets/4768754/raw/main/endpoint.json
https://getsolara.dev
http://www.apache.org/licenses/LICENSE-2.0.html
https://gitlab.com/cmd-softworks1/a/-/snippets/4768756/raw/main/discord.json
http://127.0.0.1:64632
http://schemas.xmlsoap.org/wsdl/
https://www.newtonsoft.com/jsonschema
https://www.nuget.org/packages/Newtonsoft.Json.Bson
https://aka.ms/pscore68
http://clientsettings.roblox.com
https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
https://pastebin.com/raw/pjseRvyK
https://clientsettings.roblox.com
http://ip-api.com/json/?fields=225545
https://4d38a1ec.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zip
http://ip-api.com/line/?fields=hosting
http://ip-api.com
http://www.nodejs.org
https://4d38a1ec.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe
http://crl.microsP
http://www.microsoft.co
https://contoso.com/License
https://discordapp.com/api/v9/users/
https://ncs.roblox.com/upload
https://www.nodejs.org
https://discord.com/api/webhooks/1303474825066446879/NebQ1EAeNBTUfzGkn_W4tnvKCl9pOSQ87UqZdaxri0p165S
https://aka.ms/vs/17/release/vc_redist.x64.exe
http://crl.microso
https://contoso.com/
https://nuget.org/nuget.exe
http://127.0.0.1:6463
https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
https://ion=v4.5vn
http://127.0.0.1:6463/rpc?v=1
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://edge-term4-fra2.roblox.com
127.0.0.1
http://ip-api.com/line/?fields=hostingI7AB5C494-39F5-4941-9163-47F54D6D5016I032E02B4-0499-05C3-0806-
23.ip.gl.ply.gg
http://nuget.org/NuGet.exe
https://discord.com
https://discord.com/api/v10/users/
http://pesterbdd.com/images/Pester.png
http://schemas.xmlsoap.org/soap/encoding/

Dropped files

Name (File Type); the Hashes and Detection columns were not captured in this extract

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\8Hd0ZExgJz.exe.log
    CSV text
  • C:\Users\user\AppData\Local\Temp\BootstrapperV1.23.exe
    PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\Injector.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\Windows Security Host.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\Windows Security Host.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • \Device\ConDrv
    ISO-8859 text, with CRLF, LF line terminators
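The following script is an added example, not part of the Joe Sandbox report and not code from any of the listed malware families. It loads the network indicators copied from the IPs, Domains and URLs tables above and matches them against proxy log lines, and it adds three behavioural rules generalised from those URLs: a Discord webhook URL with any channel id and token (the id and token are per-operator, so matching this sample's values alone would miss the next build), an ip-api.com lookup using the `fields=` selector, and any `*.ip.gl.ply.gg` playit tunnel host. The log line format, the sample log lines, the 203.0.113.0/24 stand-in destinations and the rule names are assumptions made for the example.

```python
"""Match the network indicators from this report against proxy log lines.

Added example, not from the report or from the listed malware families: the
indicator values are copied from the IPs, Domains and URLs tables above; the
log format, the sample log lines and the rule names are constructed here.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Exact indicators copied from the report tables.
REPORT_IPS = {"147.185.221.23", "208.95.112.1", "128.116.123.3",
              "104.21.93.27", "104.20.22.46"}
REPORT_DOMAINS = {"23.ip.gl.ply.gg", "getsolara.dev", "edge-term4-fra2.roblox.com",
                  "www.nodejs.org", "ip-api.com", "clientsettings.roblox.com"}
REPORT_URLS = {"https://getsolara.dev/api/endpoint.json",
               "http://ip-api.com/json/?fields=225545",
               "https://pastebin.com/raw/pjseRvyK"}

# Behavioural rules generalised from the report's URLs (rule names assumed).
# The webhook id and token are per-operator, so match the shape rather than
# this sample's values; ip-api.com "fields=" lookups are the stealer's
# geolocation check; *.ip.gl.ply.gg hosts are playit.gg tunnels in front of C2.
RULES = {
    "discord_webhook": re.compile(
        r"https?://(?:canary\.|ptb\.)?discord(?:app)?\.com/api/webhooks/\d{17,20}/[\w-]{60,}"),
    "ipapi_geolookup": re.compile(r"https?://ip-api\.com/(?:json|line)/\?fields=\d+"),
    "playit_tunnel": re.compile(r"\b\d+\.ip\.gl\.ply\.gg\b"),
}

# Assumed proxy log shape: "<timestamp> <client> <server-ip> <METHOD> <url>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<method>[A-Z]+) (?P<url>\S+)")


@dataclass
class Hit:
    line_no: int
    reason: str
    value: str


def host_of(url: str) -> str:
    """Host part of a URL or a CONNECT target (no IPv6 literals in this report)."""
    rest = url.split("://", 1)[1] if "://" in url else url
    authority = rest.split("/", 1)[0].rsplit("@", 1)[-1]
    return authority.rsplit(":", 1)[0].lower() if ":" in authority else authority.lower()


def check_url(url: str) -> list[str]:
    """Every reason a single URL matches the report's indicators or the rules."""
    reasons = []
    host = host_of(url)
    if url in REPORT_URLS:
        reasons.append("report_url")
    if host in REPORT_DOMAINS:
        reasons.append("report_domain")
    if host in REPORT_IPS:
        reasons.append("report_ip")
    reasons.extend(name for name, rx in RULES.items() if rx.search(url))
    return reasons


def scan_proxy_log(lines) -> list[Hit]:
    """One Hit per (line, reason); lines that do not parse are skipped, not errors."""
    hits: list[Hit] = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        hits.extend(Hit(n, r, m["url"]) for r in check_url(m["url"]))
        if m["dst"] in REPORT_IPS:  # catches raw-IP C2 even when the URL itself is clean
            hits.append(Hit(n, "dst_ip", m["dst"]))
    return hits


def reasons_by_line(hits: list[Hit]) -> dict[int, list[str]]:
    """Group hit reasons by log line number, preserving detection order."""
    out: dict[int, list[str]] = {}
    for h in hits:
        out.setdefault(h.line_no, []).append(h.reason)
    return out


# Constructed log lines; 203.0.113.0/24 stands in for destinations not in the report.
SAMPLE_LOG = [
    "2024-11-14T19:13:40Z 10.0.0.7 104.21.93.27 GET https://getsolara.dev/api/endpoint.json",
    "2024-11-14T19:13:41Z 10.0.0.7 208.95.112.1 GET http://ip-api.com/json/?fields=225545",
    "2024-11-14T19:13:42Z 10.0.0.7 203.0.113.9 POST https://discord.com/api/webhooks/"
    "1303474825066446879/NebQ1EAeNBTUfzGkn_W4tnvKCl9pOSQ87UqZdaxri0p165SfLuSuU_8R57ng1lqsCx6o",
    "2024-11-14T19:13:43Z 10.0.0.7 147.185.221.23 CONNECT 23.ip.gl.ply.gg:443",
    "2024-11-14T19:13:44Z 10.0.0.7 203.0.113.10 GET https://www.example.com/",
]

if __name__ == "__main__":
    for h in scan_proxy_log(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.reason:16} {h.value}")
```

The webhook line fires only on the behavioural rule, since discord.com is not in the report's domain table; that is the case that an exact-match IOC feed misses once the operator rotates the webhook. The CONNECT line shows why the destination IP is checked separately from the URL: a TLS tunnel to the playit host exposes no path to match on.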