
LKxcbzlwkz.exe

Status: finished
Submission Time: 2024-11-29 10:56:06 +01:00
Malicious
Ransomware
Trojan
Spyware
Evader
AveMaria, KeyLogger, Stealerium

Tags

  • exe
  • virustotal-vm-blacklist

Details

  • Analysis ID:
    1565141
  • API (Web) ID:
    1565141
  • Original Filename:
    02c5585c0346b9f7632691c41bb5741b8ab7b0f785e707ae65e918633bb5b801.exe
  • Analysis Started:
    2024-11-29 10:56:06 +01:00
  • Analysis Finished:
    2024-11-29 11:04:17 +01:00
  • MD5:
    8959a4884f81ac4db0967b534dae9617
  • SHA1:
    e4cc4e745820910b4f427b6c2385a43c87b7ce3b
  • SHA256:
    02c5585c0346b9f7632691c41bb5741b8ab7b0f785e707ae65e918633bb5b801
  • Technologies:

Joe Sandbox

  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • Detection:
    malicious
  • Score:
    30/38

IPs


Domains


URLs


Dropped files

  • C:\Users\user\AppData\Local\Temp\JOUNLV.exe
    PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\aut66E4.tmp
    PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\cb60c5e88147715fe2ed1a9bb45bba55\user@724536_en-CH.zip
    Zip archive data, at least v2.0 to extract, compression method=store
  • C:\Users\user\AppData\Local\cb60c5e88147715fe2ed1a9bb45bba55\user@724536_en-CH\Grabber\DRIVE-C\Users\user\Desktop\NIKHQAIQAU.pdf
    ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\cb60c5e88147715fe2ed1a9bb45bba55\user@724536_en-CH\Grabber\DRIVE-C\Users\user\Desktop\WUTJSCBCFX.docx
    ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\cb60c5e88147715fe2ed1a9bb45bba55\user@724536_en-CH\Grabber\DRIVE-C\Users\user\Desktop\YPSIACHYXW.docx
    ASCII text, with very long lines (1024), with CRLF line terminators