6e139f3d_by_Libranalysis.exe

Status: finished

Submission Time: 2021-05-03 19:47:26 +02:00

Malicious

Ransomware

Evader

Sodinokibi

Comments

Details

Analysis ID:
403140
API (Web) ID:
708428
Analysis Started:

2021-05-03 19:58:11 +02:00
Analysis Finished:

2021-05-03 20:06:47 +02:00
MD5:
6e139f3da41b57d2a7b90b6a8d52a396
SHA1:
47f4b6b0b655f6659ec0f4e84d479b5c35d8a9b0
SHA256:
5d9b68455031f1c5b78d6fc0af037cb7ea72b465fd32fdce368420b8b816e3e1
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 60/71

malicious

Score: 29/31

malicious

IPs

IP	Country	Detection
94.231.107.137	Denmark
85.214.155.19	Germany
192.124.249.78	United States
Click to see the 1 hidden entries
154.86.216.242	Seychelles

Domains

Name	IP	Detection
lovcase.com	154.86.216.242
trivselsguide.dk	94.231.107.137
daveystownhouse.com	85.214.155.19
Click to see the 1 hidden entries
carmel-york.com	192.124.249.78

URLs

Name	Detection
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/AB3EB94BB6ED1275
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/
https://api.w.org/
Click to see the 71 hidden entries
http://gmpg.org/xfn/11
https://github.com/Pester/Pester
https://www.carmel-york.com/feed/
https://trivselsguide.dk/wp-json/
https://certs.godaddy.com/repository/0
https://www.carmel-york.c
https://carmel-york.com/data/pics/wvhukjej.jpg
https://contoso.com/Icon
https://daveystownhouse.com/wp-content/plugins/goodlayers-core/include/css/page-builder.css?ver=5.7.
https://daveystownhouse.com/wp-content/plugins/goodlayers-core/plugins/elegant/elegant-font.css?ver=
http://certs.godaddy.com/repository/1301
http://www.apache.org/licenses/LICENSE-2.0.html
http://cps.letsencrypt.org0
http://pesterbdd.com/images/Pester.png
https://www.carmel-york.com/wp-json/
http://decryptor.VM
http://crl.godaddy.com/gdig2s1-2746.crl0
https://daveystownhouse.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
https://www.carmel-york.com/wp-i
https://www.carmel-york.com/comments/feed/
https://daveystownhouse.com/wp-content/plugins/goodlayers-core/plugins/style.css?ver=1598638190
https://daveystownhouse.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
https://daveystownhouse.com/wp-content/uploads/2018/09/final-darshna-logo.png
https://daveystownhouse.com/wp-content/uploads/20
https://daveystownhouse.com/wp-content/uploads/traveltour-style-custom.css?1598295653&ver=5.7.1
https://www.carmel-york.com/comments/fe
https://trivselsguide.dk/
https://daveystownhouse.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.22
https://daveystownhouse.com/wp-content/plugins/tourmaster/tourmaster.css?ver=4.1.4
https://daveystownhouse.com/wp-content/plugins/goodlayers-core/plugins/fontawesome/font-awesome.css?
https://daveystownhouse.com/wp-content/uploads/tourmaster-style-custom.css?1588782523&ver=5.7.1
https://daveystownhouse.com/uploads/assets/yjsqnj.gif
http://crl.godaddy.com/gdroot-g2.crl0F
https://trivselsguide.dk/content/assets/nkrm.png1
https://carmel-york.com/data/pics/wvhukjej.jpg7
https://trivselsguide.dk/content/assets/nkrm.png
http://r3.i.lencr.org/01
https://daveystownhouse.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.22
https://daveystownhouse.com/wp-json/
https://daveystownhouse.com/xmlrpc.php
https://daveystownhouse.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.22
https://daveystownhouse.com/comments/feed/
https://daveystownhouse.com/xmlrpc.php?rsd
https://daveystownhouse.com/wp-content/plugins/wp-google-map-plugin/assets/css/frontend.css?ver=5.7.
https://daveystownhouse.com/wp-includes/wlwmanifest.xml
https://torproject.org/
https://contoso.com/License
http://r3.i.lencr.org/0T
https://trivselsguide.dk/content/assets/nkrm.pngh
http://crl.godaddy.com/gdroot-
http://certificates.godaddy.com/repository/0
https://daveystownhouse.com/wp-content/themes/traveltour/css/style-core.css?ver=5.7.1
https://lovcase.com/data/images/eaehdknrstzw.jpg
https://daveystownhouse.com/
http://nuget.org/NuGet.exe
http://decryptor.top/AB3EB94BB6ED1275
https://trivselsguide.dk/5
http://decryptor.top/
http://cps.root-x1.letsencrypt.org0
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://certificates.godaddy.com/repository/gdig2.crt0
https://daveystownhouse.com/wp-content/uploads/2018/09/final-darshna-logo-150x83.png
https://trivselsguide.dk/content/assets/nkrm.pngn1
https://trivselsguide.dk/E
http://r3.o.lencr.org0
https://daveystownhouse.com/wp-content/themes/traveltour-child/style.css?ver=5.7.1
https://nuget.org/nuget.exe
https://contoso.com/
https://daveystownhouse.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.1
https://daveystownhouse.com/wp-content/themes/traveltour/js/html5.js?ver=5.7.1
https://daveystownhouse.com/feed/

Dropped files

Name	File Type	Hashes
C:\8ct5azzh7-readme.txt	data	#
C:\Users\user\Desktop\NVWZAPQSQL.pdf	COM executable for DOS	#
C:\Users\user\Desktop\PIVFAGEAAV\NVWZAPQSQL.pdf	data	#
Click to see the 1 hidden entries
C:\Users\user\Desktop\PWCCAWLGRE\PIVFAGEAAV.pdf	data	#

Deep Malware Analysis

6e139f3d_by_Libranalysis.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Deep Malware Analysis

6e139f3d_by_Libranalysis.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

6e139f3d_by_Libranalysis.exe