SharcHack.exe

Status: finished
Submission Time: 2024-12-28 22:19:07 +01:00
Malicious
Trojan
Spyware
Evader
Miner
Ades Stealer, BlackGuard, NitroStealer,

Tags

  • exe

Details

  • Analysis ID:
    1581756
  • API (Web) ID:
    1581756
  • Analysis Started:
    2024-12-28 22:19:09 +01:00
  • Analysis Finished:
    2024-12-28 22:32:22 +01:00
  • MD5:
    796310542e9fb2886de3f8cbdf88c9fa
  • SHA1:
    01dc8e64ff23db2f177e3d999c12329bfcd206d3
  • SHA256:
    9f3b062a0f8caf16be80ac44ade55a8b8e8928ef87ae909f5d6d52aa44208193
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 56/72
malicious
Score: 24/24
malicious

IPs


Domains


URLs


Dropped files

Name / File Type

  • C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Windows\Temp\cfoutowi.tmp
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\v2.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\is-O39K6.tmp\CheatEngine75.tmp
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\is-3E079.tmp\zbShieldUtils.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\is-3E079.tmp\prod2.exe (copy)
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\is-3E079.tmp\prod2 (copy)
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\is-3E079.tmp\prod1_extract\WZSetup.exe
    PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
  • C:\Users\user\AppData\Local\Temp\is-3E079.tmp\prod0_extract\saBSI.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\is-3E079.tmp\is-L3QGH.tmp
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\is-3E079.tmp\CheatEngine75.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\VegaStealer_v2.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Program Files\Google\Chrome\updater.exe
    PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
  • C:\Users\user\AppData\Local\Temp\System.Data.SQLite.Linq.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\System.Data.SQLite.EF6.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\SQLite.Interop.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\Newtonsoft.Json.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\EntityFramework.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\EntityFramework.SqlServer.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\CheatEngine75.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\BouncyCastle.Crypto.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\3.exe
    PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
  • C:\Program Files\Google\Libs\WR64.sys
    PE32+ executable (native) x86-64, for MS Windows