
file.exe

Status: finished
Submission Time: 2024-11-22 15:11:07 +01:00
Malicious
Trojan
Spyware
Evader
LummaC, Amadey, CredGrabber, Credential

Tags

  • exe

Details

  • Analysis ID:
    1560970
  • API (Web) ID:
    1560970
  • Analysis Started:
    2024-11-22 15:11:08 +01:00
  • Analysis Finished:
    2024-11-22 15:24:53 +01:00
  • MD5:
    1daa3a0aa5ed7e06b400a47309ba5003
  • SHA1:
    8d475fd4be28ee701dbe5e2fe489fe9e9b3e826d
  • SHA256:
    c3d0427b8bc9d084ac65b881ec50f55be52650f60850ac05010ccc8d56e3d1cb
  • Technologies:
    Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 18/38
malicious
malicious

IPs

IP Country Detection

Domains

Name IP Detection

URLs

Name Detection

Dropped files

Name and File Type

  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\Crypt_Medusa[1].exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[2].exe
    PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\1008207001\Crypt_Medusa.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\1008208001\5f99d60ce3.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\1008209001\3d87ccaf3c.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\1008210001\4ae2e93440.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\1008211001\f31c1b65d9.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\1008212001\c25b3d79d9.exe
    PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
  • C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier
    ASCII text, with CRLF line terminators