Threat analysis report: Save Yourself Malware
Common Information
Type Value
UUID 81beee9a-0a2e-42e5-809a-136338245200
Fingerprint abcbc3cfd05580646ce3fb6de79528d4928c1425ed0bbd6949b413be365fad95
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 14, 2019, 8:09 a.m.
Added to db April 18, 2024, 10:31 a.m.
Last updated Aug. 31, 2024, 1:14 a.m.
Headline Threat analysis report: Save Yourself Malware
Title Threat analysis report: Save Yourself Malware
Detected Hints/Tags/Attributes 65/2/160
Attributes
Details Type #Events CTI Value