asgRF2AfuM.exe

Status: finished
Submission Time: 2021-08-23 22:37:07 +02:00
Malicious
Spreader
Trojan
Evader
Miner
Tofsee Xmrig

Tags

  • 32
  • exe

Details

  • Analysis ID:
    470252
  • API (Web) ID:
    837821
  • Analysis Started:
    2021-08-23 22:37:07 +02:00
  • Analysis Finished:
    2021-08-23 22:48:34 +02:00
  • MD5:
    5b305c615044525988a27b61fcacc777
  • SHA1:
    1e5153d4155a50ac82bee455c5c0f9f0aa688f69
  • SHA256:
    700f94a34591e321bba41a65fe6ad2d273d245381a64b8733898804c286ce4a8
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 28/67

IPs

IP                Country          Detection
64.136.44.37      United States
193.56.146.42     unknown
193.56.146.43     unknown
104.47.59.161     United States
212.54.56.11      Netherlands
213.91.128.133    Bulgaria
104.47.22.161     United States
104.47.13.33      United States
163.172.32.74     United Kingdom
104.47.55.161     United States
104.47.18.161     United States
67.195.204.73     United States
54.200.93.251     United States
95.216.144.159    Germany
67.195.228.109    United States
98.136.96.91      United States
104.47.12.33      United States
213.227.140.23    Netherlands
193.56.146.188    unknown
64.147.108.55     United States
104.47.54.36      United States
104.47.6.33       United States
104.47.66.33      United States
217.237.164.131   Germany
5.61.37.41        United Kingdom
95.216.195.92     Germany
104.47.73.33      United States
193.56.146.41     unknown
104.47.1.33       United States
104.47.17.97      United States
157.240.17.174    United States
104.47.57.33      United States
185.76.64.62      Sweden
69.168.106.130    United States
104.47.18.97      United States
148.163.156.84    United States
208.84.65.230     United States
205.220.177.101   United States
172.217.218.27    United States
148.163.149.246   United States
170.12.104.95     United States
142.250.150.27    United States
216.163.176.38    United States
17.56.9.19        United States
208.86.49.106     United States
138.188.184.33    Switzerland
104.47.58.161     United States
216.58.215.228    United States
212.227.17.5      Germany
104.47.14.33      United States
104.47.53.36      United States
173.194.202.27    United States
208.86.201.170    United States
67.231.151.196    United States

Domains

Name  IP  Detection
mail.h-email.net  54.200.93.251
live.co.uk  0.0.0.0
mx-2.rightbox.com  64.147.108.55
mx.tb.ukmail.iss.as9143.net  212.54.56.11
mail.credomatic.com  190.242.156.210
mail.surfeu.fi  95.216.144.159
mx.dca.untd.com  64.136.44.37
empal.com  0.0.0.0
mx.ahdresden.de  217.237.164.131
fastpool.xyz  213.91.128.133
mail2headhunter.com  0.0.0.0
mta5.am0.yahoodns.net  98.136.96.91
ip.pr-cy.hacklix.com  163.172.32.74
mx01.oxsus-vadesecure.net  51.81.57.58
tarrare.com  0.0.0.0
defeatwax.ru  193.56.146.188
mailcatch.com  0.0.0.0
mx.optimum.net  167.206.4.79
live.com  0.0.0.0
hotmail.com  0.0.0.0
aspmx.l.google.com  172.217.218.27
outlook-com.olc.protection.outlook.com  104.47.17.97
mail-in-excite.roc2.bluetie.com  208.89.132.27
inbound.gci.net  69.168.106.130
mx02.mail.icloud.com  17.56.9.19
hotmail-com.olc.protection.outlook.com  104.47.14.33
mail.swisscom.com  138.188.184.33
msn-com.olc.protection.outlook.com  104.47.18.97
mail.mailcatch.com  37.59.184.95
publicms1.mail2world.com  216.163.176.38
mx.hover.com.cust.hostedemail.com  216.40.42.4
mxa-0001b201.gslb.pphosted.com  67.231.158.158
aspmx5.googlemail.com  173.194.202.27
toshiba.com  0.0.0.0
77.52.17.84.zen.spamhaus.org  0.0.0.0
gci.net  0.0.0.0
gmx.net  0.0.0.0
optonline.net  0.0.0.0
aol.com  0.0.0.0
freenet.de  0.0.0.0
excite.com  0.0.0.0
orange.fr  0.0.0.0
raymondjames.com  0.0.0.0
proc.sccgov.org  0.0.0.0
mindspring.com  0.0.0.0
telus.net  0.0.0.0
marykay.com  0.0.0.0
yahoo.com  0.0.0.0
77.52.17.84.cbl.abuseat.org  0.0.0.0
77.52.17.84.dnsbl.sorbs.net  0.0.0.0
mta6.am0.yahoodns.net  98.136.96.75
investorsgroup.com  0.0.0.0
sbdinc.com  0.0.0.0
charterschoolsusa.com  0.0.0.0
auth.api.np.ac.playstation.net  0.0.0.0
ivyhawnschool.org.1.0001.arsmtp.com  8.19.118.108
alt1.gmail-smtp-in.l.google.com  142.250.150.27
microsoft-com.mail.protection.outlook.com  104.47.53.36
emig.freenet.de  195.4.92.215
mail-gw01.fsdata.se  185.76.64.62
mx.vgs.untd.com  64.136.52.37
mx2.comcast.net  68.87.20.5
quicksilver.francenet.fr  212.121.168.194
mxb-0018cf04.gslb.pphosted.com  67.231.145.34
mx01.emig.gmx.net  212.227.17.5
mx1.spray.mail2world.com  216.163.176.38
mx08-002b3401.pphosted.com  185.183.28.28
m.youtube.com  216.58.215.238
www.google.com  216.58.215.228
alt2.aspmx.l.google.com  74.125.200.27
z-p42-instagram.c10r.instagram.com  157.240.17.174
mxb-00182f01.gslb.pphosted.com  67.231.151.196
mxa-000cb501.gslb.pphosted.com  67.231.152.94
mxa-004cad01.gslb.pphosted.com  205.220.174.169
eu-esec-01.heimdalsecurity.com  20.50.183.146
smtp1.rjf.com  170.12.104.95
mxa-0024e201.gslb.pphosted.com  148.163.144.24
mxb-001a5901.gslb.pphosted.com  208.86.201.170
nam.olc.protection.outlook.com  104.47.57.33
smtpuin2.f1.k8.com.br  187.73.32.157
smtp-in.orange.fr  193.252.22.65
live-com.olc.protection.outlook.com  104.47.58.161
mail.marykay.com  208.86.49.106
mxa-0034a301.gslb.pphosted.com  148.163.140.100
mxa-001bee01.gslb.pphosted.com  148.163.156.84
mx-aol.mail.gm0.yahoodns.net  67.195.228.84
mx1.free.fr  212.27.48.7
mxa-0000ec05.gslb.pphosted.com  208.84.65.230
mx0.charter.net  47.43.18.9
ASPMX.L.GOOGLE.COM  172.217.218.27
mx3.qq.com  203.205.219.57
mx1.empal.com  117.53.114.15
mxb-003dc001.gslb.pphosted.com  205.220.161.35
eur.olc.protection.outlook.com  104.47.1.33
mx00.gmx.net  212.227.15.10
mail.holdahl.net  65.255.240.37
fpo9.mail.dk  193.201.76.57
mxb-00126502.gslb.pphosted.com  148.163.149.67
mxa-00254701.gslb.pphosted.com  148.163.149.246
mxb-00004003.gslb.pphosted.com  205.220.177.101

URLs

Name Detection
refabyd.info:443
defeatwax.ru:443
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
https://dev.ditu.live.com/mapcontrol/logging.ashx
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
https://dynamic.t
https://dev.virtualearth.net/REST/v1/Routes/Transit
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
https://appexmapsappupdate.blob.core.windows.net
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
http://www.bingmapsportal.com
https://dev.ditu.live.com/REST/v1/Locations
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
http://www.google.com/
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
https://dev.virtualearth.net/REST/v1/Routes/Walking
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
https://dev.ditu.live.com/REST/v1/Routes/
https://dev.virtualearth.net/REST/v1/Routes/Driving
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
https://t0.tiles.ditu.live.com/tiles/gen
https://dev.virtualearth.net/REST/v1/Routes/
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
https://dev.virtualearth.net/REST/v1/Locations
http://www.bsalsa.com/
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
https://dev.virtualearth.net/mapcontrol/logging.ashx

Dropped files

Name  File Type  Hashes  Detection
C:\Users\user\AppData\Local\Temp\ivvtstgg.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Windows\SysWOW64\bwnyihiu\ivvtstgg.exe (copy)
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Windows\SysWOW64\config\systemprofile:.repos
    data