
YxBvpY3BPa.exe

Status: finished
Submission Time: 2025-02-06 08:32:20 +01:00
Malicious
Trojan
Evader
SheetRat

Tags

  • exe

Details

  • Analysis ID:
    1608090
  • API (Web) ID:
    1608090
  • Original Filename:
    8308fa6fa94cb10b2e5a131f4faa4210.exe
  • Analysis Started:
    2025-02-06 08:32:20 +01:00
  • Analysis Finished:
    2025-02-06 08:45:22 +01:00
  • MD5:
    8308fa6fa94cb10b2e5a131f4faa4210
  • SHA1:
    a4af71d7423e0a411dbf70de2841948ab0706bff
  • SHA256:
    0015982786a716d0947095950df915cb8c7c4ef7fa7e48fc3ad22fdca6afeed7
  • Technologies:

Joe Sandbox

  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 43/70)
  • malicious (Score: 19/24)
  • malicious

IPs

  • 147.185.221.20 (United States)
  • 172.67.203.125 (United States)
  • 172.66.47.197 (United States)
  • 172.67.19.24 (United States)

Domains

  • especially-religions.gl.at.ply.gg (147.185.221.20)
  • d2314eac.solaraweb-alj.pages.dev (172.66.47.197)
  • getsolara.dev (172.67.203.125)
  • pastebin.com (172.67.19.24)

URLs


Dropped files

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\YxBvpY3BPa.exe.log
    CSV text
  • C:\Users\user\AppData\Local\Temp\Bo?tstrapper.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\Bootstrapper.exe
    PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\BootstrapperV2.19.exe
    PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Sub\sv
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Sub\svchost.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Windows\xdwd.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows