
file.exe

Status: finished
Submission Time: 2024-12-08 15:37:07 +01:00
Malicious
Trojan
Evader
Credential Flusher

Tags

  • exe

Details

  • Analysis ID:
    1570978
  • API (Web) ID:
    1570978
  • Analysis Started:
    2024-12-08 15:37:07 +01:00
  • Analysis Finished:
    2024-12-08 15:52:59 +01:00
  • MD5:
    0058d7be87c904c115a5dda9b7be5871
  • SHA1:
    b960f0014cf0007b255021c957fe702f35f80f34
  • SHA256:
    2115b25b75548379efe953476c966664483028eaa6d9aa620bb4577c533dca74
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious

  • Run 1
    Detection: malicious
    Score: 72
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • Run 2
    Detection: malicious
    Score: 72
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

malicious

IPs

IP               Country
151.101.1.91     United States
34.149.100.209   United States
34.107.243.93    United States
34.107.221.82    United States
35.244.181.201   United States
34.117.188.166   United States
35.201.103.21    United States
35.190.72.216    United States
34.160.144.191   United States
34.120.208.123   United States

Domains

Name                                                        IP
ipv4only.arpa                                               192.0.0.171
www.wikipedia.org                                           0.0.0.0
shavar.services.mozilla.com                                 0.0.0.0
normandy.cdn.mozilla.net                                    0.0.0.0
detectportal.firefox.com                                    0.0.0.0
www.facebook.com                                            0.0.0.0
www.youtube.com                                             0.0.0.0
firefox.settings.services.mozilla.com                       0.0.0.0
support.mozilla.org                                         0.0.0.0
content-signature-2.cdn.mozilla.net                         0.0.0.0
spocs.getpocket.com                                         0.0.0.0
www.reddit.com                                              0.0.0.0
telemetry-incoming.r53-2.services.mozilla.com               34.120.208.123
normandy-cdn.services.mozilla.com                           35.201.103.21
push.services.mozilla.com                                   34.107.243.93
prod.ads.prod.webservices.mozgcp.net                        34.117.188.166
example.org                                                 93.184.215.14
us-west1.prod.sumo.prod.webservices.mozgcp.net              34.149.128.2
youtube-ui.l.google.com                                     142.250.181.78
dualstack.reddit.map.fastly.net                             151.101.129.140
prod.content-signature-chains.prod.webservices.mozgcp.net   34.160.144.191
youtube.com                                                 142.250.181.142
contile.services.mozilla.com                                34.117.188.166
prod.remote-settings.prod.webservices.mozgcp.net            34.149.100.209
dyna.wikimedia.org                                          185.15.58.224
services.addons.mozilla.org                                 151.101.1.91
prod.detectportal.prod.cloudops.mozgcp.net                  34.107.221.82
twitter.com                                                 104.244.42.129
prod.balrog.prod.cloudops.mozgcp.net                        35.244.181.201
prod.classify-client.prod.webservices.mozgcp.net            35.190.72.216
star-mini.c10r.facebook.com                                 157.240.195.35
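The network tables above need one caveat before they are used as indicators: the analysis system runs Firefox 118 and Chrome 134 (see the System line, and the report's own shavar.services.mozilla.com URL with appver=118.0), so the Mozilla, mozgcp.net, Google, Facebook, Reddit, Wikipedia and Twitter names are plausibly background traffic of the browsers in the VM rather than contacts controlled by file.exe, and rows resolved to 0.0.0.0 produced no usable answer at all. The following triage helper is an added example, not Joe Sandbox code and not part of this report. It verifies a local file against the three hashes in Details (all three must agree, which catches a truncated or mistyped value) and buckets the Domains rows into unresolved, browser-background and review. The allowlist of background suffixes is an analyst assumption, only a subset of the Domains rows is embedded, and the sample bytes at the bottom are a constructed stand-in because file.exe itself is not on this page.

```python
"""Triage helper for a Joe Sandbox style IOC listing.
Added example; not code from Joe Sandbox or from the report above.
"""
import hashlib
import ipaddress

# Hashes copied from the Details section of the report.
REPORT_HASHES = {
    "md5": "0058d7be87c904c115a5dda9b7be5871",
    "sha1": "b960f0014cf0007b255021c957fe702f35f80f34",
    "sha256": "2115b25b75548379efe953476c966664483028eaa6d9aa620bb4577c533dca74",
}

# Subset of the Domains table (name, resolved IP). The sandbox prints 0.0.0.0
# where a name produced no usable answer.
REPORT_DOMAINS = [
    ("ipv4only.arpa", "192.0.0.171"),
    ("www.wikipedia.org", "0.0.0.0"),
    ("shavar.services.mozilla.com", "0.0.0.0"),
    ("detectportal.firefox.com", "0.0.0.0"),
    ("telemetry-incoming.r53-2.services.mozilla.com", "34.120.208.123"),
    ("prod.remote-settings.prod.webservices.mozgcp.net", "34.149.100.209"),
    ("example.org", "93.184.215.14"),
    ("youtube-ui.l.google.com", "142.250.181.78"),
    ("dualstack.reddit.map.fastly.net", "151.101.129.140"),
    ("star-mini.c10r.facebook.com", "157.240.195.35"),
]

# ASSUMED allowlist: suffixes an analyst treats as background traffic of the
# Firefox 118 / Chrome 134 install in the analysis VM, not as sample IOCs.
BROWSER_NOISE_SUFFIXES = (
    "mozilla.com", "mozilla.net", "mozilla.org", "mozgcp.net",
    "firefox.com", "getpocket.com",
    # Firefox new-tab default sites and the CDNs serving them
    "wikipedia.org", "wikimedia.org", "facebook.com", "youtube.com",
    "google.com", "reddit.com", "twitter.com", "fastly.net",
    # RFC 7050 NAT64/DNS64 prefix discovery done by the OS/browser stack
    "ipv4only.arpa",
)


def digest_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests in the same shape as the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, report: dict = REPORT_HASHES) -> bool:
    """True only if every hash the report lists matches the bytes."""
    got = digest_bytes(data)
    return all(got[algo] == value.lower() for algo, value in report.items())


def has_suffix(name: str, suffix: str) -> bool:
    """Label-boundary match: 'evilmozilla.com' must not match 'mozilla.com'."""
    name = name.lower().rstrip(".")
    return name == suffix or name.endswith("." + suffix)


def classify(name: str, ip: str, noise=BROWSER_NOISE_SUFFIXES) -> str:
    """unresolved: no answer; noise: allowlisted background; review: the rest."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed row
    if addr.is_unspecified:          # 0.0.0.0 as printed by the sandbox
        return "unresolved"
    if any(has_suffix(name, s) for s in noise):
        return "noise"
    return "review"


def triage(rows, noise=BROWSER_NOISE_SUFFIXES) -> dict:
    """Bucket (name, ip) rows so the analyst reads the 'review' bucket first."""
    out = {"unresolved": [], "noise": [], "review": []}
    for name, ip in rows:
        out[classify(name, ip, noise)].append(name)
    return out


if __name__ == "__main__":
    for bucket, names in triage(REPORT_DOMAINS).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
    # Constructed stand-in bytes; the real file.exe is not on this page.
    print("sample matches report:", matches_report(b"not the real sample"))
```

With the embedded subset, only example.org lands in the review bucket; anything not on the allowlist is kept for a human rather than silently dropped, and the suffix match is done on label boundaries so a look-alike such as evilmozilla.com is not allowlisted.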

URLs

Name Detection
https://spocs.getpocket.com/
https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
https://merino.services.mozilla.com/api/v1/suggestabout
https://addons.mozilla.org/
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
https://www.amazon.com/Z
https://monitor.firefox.com/user/breach-stats?includeResolved=true
https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
https://youtube.com/account?=https://accounts.google.co
https://www.iqiyi.com/
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
https://services.addons.mozilla.org/api/v4/abuse/report/addon/
http://a9.com/-/spec/opensearch/1.0/
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
http://mozilla.org/03
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
https://shavar.services.mozilla.com/
https://youtube.com/account?=
https://static.adsafeprotected.com/firefox-etp-js
https://amazon.com
https://mitmdetection.services.mozilla.com/
https://bugzilla.mo
https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
http://crl.thawte.com/ThawteTimestampingCA.crl0
https://mozilla.cloudflare-dns.com/dns-query
https://identity.mozilla.com/apps/relay
https://bugzilla.mozilla.org/show_bug.cgi?id=793869
https://profiler.firefox.com
https://duckduckgo.com/?t=ffab&q=
https://json-schema.org/draft/2019-09/schema
https://blocked.cdn.mozilla.net/
https://infra.spec.whatwg.org/#ascii-whitespace
http://a9.com/-/spec/opensearch/1.1/
http://x1.i.lencr.org/0
http://x1.c.lencr.org/0
https://www.zhihu.com/
http://127.0.0.1:
https://coverage.mozilla.org
https://login.microsoftonline.com
https://www.openh264.org/
https://account.bellmedia.c
http://mozilla.org/MPL/2.0/.
https://monitor.firefox.com/about
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
https://monitor.firefox.com/user/dashboard
https://safebrowsing.google.com/safebrowsing/diagnostic?site=
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
https://github.com/w3c/csswg-drafts/issues/4650
https://monitor.firefox.com/breach-details/
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
https://identity.mozilla.com/ids/ecosystem_telemetryU
https://ads.stickyadstv.com/firefox-etp
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
https://completion.amazon.com/search/complete?q=
https://shavar.services.mozilla.com
https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
https://spocs.getpocket.com/spocs
https://www.leboncoin.fr/
https://www.amazon.com/exec/obidos/external-search/
https://json-schema.org/draft/2019-09/schema.
https://merino.services.mozilla.com/api/v1/suggest
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
http://www.mozilla.com0
https://datastudio.google.com/embed/reporting/
https://youtube.com4spG
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
http://detectportal.firefox.com/
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
https://ok.ru/
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
https://addons.mozilla.org/firefox/addon/to-google-translate/
https://www.bbc.co.uk/
https://MD8.mozilla.org/1/m
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
https://www.youtube.com/
http://ocsp.rootca1.amazontrust.com0:
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
https://www.amazon.com/
https://youtube.comZ
https://api.accounts.firefox.com/v1
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
https://www.instagram.com/
https://json-schema.org/draft/2020-12/schema/=
https://content-signature-2.cdn.mozilla.net/
https://youtube.com/
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
https://tracking-protection-issues.herokuapp.com/new
https://services.addons.mozilla.org/api/v4/addons/addon/
https://github.com/mozilla-services/screenshots
https://www.msn.com

Dropped files

No malicious files found. See full and IOC report for all dropped files.