Vessel Details.xlsm

Status: finished
Submission Time: 2020-04-15 16:18:13 +02:00
Malicious
Trojan
Adware
Spyware
Exploiter
Evader
AgentTesla

Details

  • Analysis ID:
    222741
  • API (Web) ID:
    342147
  • Analysis Started:
    2020-04-15 16:21:21 +02:00
  • Analysis Finished:
    2020-04-15 16:33:51 +02:00
  • MD5:
    c13253243087a2a831b160fbfdc0e758
  • SHA1:
    83d79e980279e68fd491db3630c17dd21c08b6b8
  • SHA256:
    b72365636361f0d759ff9745d2c3d5321b5cfb74d577edc8dcba04ee2c06b6e9
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: unknown

Third Party Analysis Engines

malicious
Score: 32/63
malicious
Score: 17/44
malicious

IPs

IP Country Detection
198.12.66.107
United States

URLs

Name Detection
http://198.12.66.107/garang.exe
http://198.12.66.107/garang.exe)
http://198.12.66.107/garang.exeYW5nLmV4ZQ==).CreateElement(
http://mail.platinships.net
http://198.12.66.107/garang.exeDOMDocument

Dropped files

Name File Type Hashes Detection
C:\ProgramData\uaccc.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nichebaba.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\~$Vessel Details.xlsm
data
C:\ProgramData\asc.txt:script1.vbs
UTF-8 Unicode text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7DBDEA7C.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B1DDC1EA.png
GIF image data, version 89a, 1374 x 584
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F42E504D.emf
Windows Enhanced Metafile (EMF) image data version 0x10000