
pbz3swuapf.exe

Status: finished
Submission Time: 2025-01-14 12:20:08 +01:00
Malicious
Trojan
Evader
Python Stealer

Tags

  • exe
  • malware
  • trojan

Details

  • Analysis ID:
    1590645
  • API (Web) ID:
    1590645
  • Analysis Started:
    2025-01-14 12:20:10 +01:00
  • Analysis Finished:
    2025-01-14 12:27:43 +01:00
  • MD5:
    170c87f28c0983e4263759e9f9f39ee0
  • SHA1:
    49491aa3db74c005763597d15d74f6a252010e57
  • SHA256:
    14b0435d8e3583abc0b622b0a6d5b07544f045dfcbf5058c008acc7def5252ad
  • Technologies:

Engine: Joe Sandbox
Detection: malicious
Score: 60
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious
Score: 16/72

IPs

IP: 178.208.187.105
Country: Netherlands
Detection: (none listed)

URLs

Name Detection
https://www.attrs.org/en/stable/why.html#data-classes)
https://discord.com/api/v6/guilds/
https://www.attrs.org/en/stable/changelog.html
http://tools.ietf.org/html/rfc6125#section-6.4.3
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
http://www.cert.fnmt.es/dpcs/7Y
http://crl.securetrust.com/STCA.crl
https://wiki.debian.org/XDGBaseDirectorySpecification#state
https://polar.sh/
https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
https://cryptography.io/en/latest/installation/
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
https://www.variomedia.de/
https://twitch.tv
https://filepreviews.io/
https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
http://www.cl.cam.ac.uk/~mgk25/iso-time.html
https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
https://www.apache.org/licenses/
https://httpbin.org/
http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
https://instagram.com
https://cryptography.io/
http://crl.securetrust.com/SGCA.crl0
https://github.com/urllib3/urllib3/issues/2920
https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
https://docs.python.org/3/library/re.html#re.sub
https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referral
http://www.firmaprofesional.com/cps0
http://178.208.187.105/7118723753_chat.txt
https://www.attrs.org/en/24.3.0/_static/sponsors/Variomedia.svg
https://127.0.0.1:8443
https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)).
http://ip-api.com/json
https://discord.gg/
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
https://mahler:8092/site-updates.py
https://packaging.python.org/installing/
https://www.attrs.org/
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
https://github.com/pyca/cryptography/issues
http://www.rfc-editor.org/info/rfc7253
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
http://www.accv.es00
https://github.com/jaraco/jaraco.functools/issues/5
https://google.com/mail
http://www.cert.fnmt.es/dpcs/
http://python.org
https://github.com/pypa/packaging
https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
https://epicgames.com
https://ebay.com
https://www.apache.org/licenses/LICENSE-2.0
http://goo.gl/zeJZl.
http://178.208.187.105/7118723753_chat.txt0
https://store.steampowered.com
https://oauth.reddit.com/api/v1/me
https://github.com/sponsors/hynek
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
https://www.attrs.org/en/24.3.0/_static/sponsors/FilePreviews.svg
http://docs.python.org/library/unittest.html
https://github.com/urllib3/urllib3/issues/3290li.pyw
https://paypal.com
https://github.com/aio-libs/aiohttp/discussions/6044
https://img.shields.io/pypi/v/setuptools.svg
https://img.shields.io/pypi/pyversions/setuptools.svg
https://www.attrs.org/en/24.3.0/_static/sponsors/
https://requests.readthedocs.io0
https://github.com/python-attrs/attrs/issues/251
https://github.com/giampaolo/psutil/issues/875.
https://github.com/pyca/cryptography/issues/8996
https://tools.ietf.org/html/rfc3610
https://wwww.certigna.fr/autorites/0m
https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2
https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.3
http://www.quovadisglobal.com/cps.k
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
https://catbox.moe/user/api.php
http://json.org
https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
http://curl.haxx.se/rfc/cookie_spec.html
http://crl.dhimyotis.com/certignarootca.crl
https://account.riotgames.com/api/account/v1/user
https://github.com/python-attrs/attrs/issues/136
https://blog.jaraco.com/skeleton
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
https://ipinfo.io/json
https://discord.com/api/v9/users/
https://api.namemc.com/profile/
https://github.com/pypa/setuptools/workflows/tests/badge.svg
https://pypi.org/project/setuptools
https://refspecs.linuxfoundation.org/elf/gabi4
https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek).
https://www.dropbox.com/scl/fi/3clo0b3x6nfajqm27kvx6/exodus.asar?rlkey=200tiyus0rc0u3u4j9kf517l0&st=
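The URL list above is raw string extraction from a packed Python sample, so the bundled libraries' own documentation, changelog and CA-bundle URLs (attrs, urllib3, cryptography, setuptools, CPython, CRL/CPS pointers) sit next to the handful of endpoints worth pivoting on (the bare-IP host, IP-geolocation services, chat and file-hosting APIs, account endpoints). The script below is an added example, not part of the Joe Sandbox report and not code from the sample; it sorts a copy of the listed URLs into coarse buckets so the high-signal entries stand out. The bucket names and the domain lists are this example's assumptions, derived from domain names only; the report does not say what the sample does with any of them.

```python
"""Added example: triage of the URL strings the report lists for
pbz3swuapf.exe. Not part of the report or of the sample. Category
names and host lists are assumptions based on domain names only."""
import ipaddress
import re
from urllib.parse import urlsplit

# Hosts that appear only because bundled packages embed them in
# docstrings, changelogs and licence headers (assumption: library noise).
LIBRARY_NOISE_HOSTS = {
    "www.attrs.org", "github.com", "docs.python.org", "cryptography.io",
    "urllib3.readthedocs.io", "requests.readthedocs.io", "pypi.org",
    "img.shields.io", "tools.ietf.org", "datatracker.ietf.org",
    "www.rfc-editor.org", "packaging.python.org", "www.apache.org",
    "hg.python.org", "mail.python.org", "python.org", "tidelift.com",
    "blog.jaraco.com", "wiki.debian.org", "httpbin.org", "json.org",
    "curl.haxx.se", "refspecs.linuxfoundation.org",
}

# CRL/CPS pointers carried by the bundled CA certificates. Extraction often
# glues a stray trailing byte onto them ("STCA.crl0"), so match loosely.
CA_BUNDLE_RE = re.compile(
    r"^https?://crl\.|\.(crl|crt)\d*$|/cps|/dpcs|certigna|accv\.es|"
    r"firmaprofesional|quovadisglobal"
)

# Endpoint classes an analyst would look at first in a stealer sample
# (assumption: chosen from the domain names, not from observed behaviour).
INTERESTING_HOSTS = {
    "ip_lookup":    {"ip-api.com", "ipinfo.io"},
    "chat_api":     {"discord.com", "discord.gg"},
    "file_hosting": {"catbox.moe", "www.dropbox.com"},
    "account_api":  {"account.riotgames.com", "api.namemc.com",
                     "oauth.reddit.com"},
}


def classify(url: str) -> str:
    """Return one coarse category for a URL string taken from the report."""
    host = (urlsplit(url.strip()).hostname or "").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # A hard-coded IP needs no DNS lookup and is the strongest pivot
        # in the list; loopback targets are kept apart from it.
        return "loopback" if ip.is_loopback else "bare_ip"
    if host in LIBRARY_NOISE_HOSTS:
        return "library_noise"
    if CA_BUNDLE_RE.search(url):
        return "ca_bundle_noise"
    for label, hosts in INTERESTING_HOSTS.items():
        if host in hosts:
            return label
    return "other"


def triage(urls):
    """Group URLs by category; noise buckets are kept so their size is visible."""
    groups = {}
    for url in urls:
        groups.setdefault(classify(url), []).append(url)
    return groups


# Constructed input: a subset of the URL strings from the report above.
SAMPLE_URLS = [
    "http://178.208.187.105/7118723753_chat.txt",
    "http://178.208.187.105/7118723753_chat.txt0",
    "https://127.0.0.1:8443",
    "https://discord.com/api/v9/users/",
    "https://discord.com/api/v6/guilds/",
    "http://ip-api.com/json",
    "https://ipinfo.io/json",
    "https://catbox.moe/user/api.php",
    "https://account.riotgames.com/api/account/v1/user",
    "https://api.namemc.com/profile/",
    "https://www.attrs.org/en/stable/changelog.html",
    "https://cryptography.io/en/latest/installation/",
    "http://crl.securetrust.com/SGCA.crl0",
    "http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0",
    "http://www.quovadisglobal.com/cps.k",
    "https://mahler:8092/site-updates.py",
    "https://store.steampowered.com",
]

if __name__ == "__main__":
    for label, urls in sorted(triage(SAMPLE_URLS).items()):
        print(f"{label} ({len(urls)})")
        for u in urls:
            print("   ", u)
```

Anything that lands in "other" (the `mahler:8092` host, the game and payment storefronts) still needs a manual look; the buckets only reduce the list, they do not clear entries. The trailing-byte debris on some URLs (`.crl0`, `.txt0`) is left as the report shows it, since the bare-IP and CA checks do not depend on a clean suffix.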

Dropped files

No malicious files found. See full and IOC report for all dropped files.