
URGENT TENDER#675320 (Covid19 kits).exe

Status: finished
Submission Time: 20.05.2020 23:45:11
Verdict: Malicious
Classification: Trojan, Spyware, Evader, AgentTesla

Details

  • Analysis ID:
    231966
  • API (Web) ID:
    360202
  • Analysis Started:
    20.05.2020 23:45:11
  • Analysis Finished:
    20.05.2020 23:57:22
  • MD5:
    bd2aeaab8f491a77f7c7ce59b027cf2c
  • SHA1:
    2a790244357f24b6145a43d35a3644728250e2dc
  • SHA256:
    5b37cc85fd190a6b4726ea57f2588b5a74acc2c51e2917363c226b73ac79118f

Verdicts

Engine Info | Verdict | Score
System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113 | malicious | 100/100
- | malicious | 54/72
- | malicious | 9/38
- | malicious | 26/31

IPs

IP | Country
198.54.120.244 | United States

Domains

Name | IP
twire.icu | 198.54.120.244
cdn.onenote.net | 0.0.0.0

URLs

Name
http://SrAofBZL3yXOpaN2T.net
https://www.pelock.com/api/aztec-decoder/v1
http://twire.icu

Dropped files

Name | File Type
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\URGENT TENDER#675320 (Covid19 kits).exe.log | ASCII text, with CRLF line terminators
C:\Users\user\appdata.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\appdata.exe:Zone.Identifier | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\appdata.exe.log | ASCII text, with CRLF line terminators
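The following is an added example, not part of the sandbox output, that turns the indicators in the network and dropped-file sections above into a small matcher for endpoint telemetry. It assumes Sysmon-style `Key=value` event lines with the field names `Image`, `TargetFilename`, `QueryName`, `QueryResults`, `Hashes` and `DestinationIp`; the sample events are constructed for illustration. Two editorial choices are assumptions rather than report verdicts: `cdn.onenote.net`, `www.pelock.com` and `SrAofBZL3yXOpaN2T.net` are matched under a separate lower-confidence label instead of being treated as C2, and because the sandbox account is literally `user`, the dropped-file paths are matched on their profile-relative tail so they fire on any username. The page lists no hashes for the dropped files, so only the original sample's hashes are checked.

```python
"""Match the indicators from this report against Sysmon-style event lines.

Added example; not part of the sandbox report. Field names and the sample
events below are assumptions/constructed data.
"""
import hashlib
import re

# Indicators copied from the report.
HASHES = {
    "md5": "bd2aeaab8f491a77f7c7ce59b027cf2c",
    "sha1": "2a790244357f24b6145a43d35a3644728250e2dc",
    "sha256": "5b37cc85fd190a6b4726ea57f2588b5a74acc2c51e2917363c226b73ac79118f",
}
IP_IOCS = {"198.54.120.244"}
DOMAIN_IOCS = {"twire.icu"}
# Also in the report, but lower confidence as C2: cdn.onenote.net is a Microsoft
# domain that resolved to 0.0.0.0 in the sandbox, www.pelock.com is a commercial
# protector vendor, and SrAofBZL3yXOpaN2T.net reads like a packer placeholder.
# Reported under a separate label (editorial assumption, not a report verdict).
CONTEXT_DOMAINS = {"cdn.onenote.net", "www.pelock.com", "sraofbzl3yxopan2t.net"}
# The sandbox account is literally "user"; real hosts differ, so anchor on the
# profile-relative tail of each dropped-file path instead of the full string.
DROPPED_FILE_RES = [
    re.compile(r"\\Users\\[^\\]+\\appdata\.exe(?::Zone\.Identifier)?$", re.I),
    re.compile(
        r"\\AppData\\Local\\Microsoft\\CLR_v4\.0_32\\UsageLogs\\"
        r"(?:appdata|URGENT TENDER#675320 \(Covid19 kits\))\.exe\.log$",
        re.I,
    ),
]

KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_kv(line):
    """Parse 'Key=value Key2=value with spaces' records into a dict."""
    return {k: v.strip() for k, v in KV_RE.findall(line)}


def domain_hits(name, candidates):
    """Exact or subdomain match, case-insensitive, trailing dot tolerated."""
    name = name.lower().rstrip(".")
    return {d for d in candidates if name == d or name.endswith("." + d)}


def match_line(line):
    """Return sorted 'kind:indicator' hits for one event line."""
    hits = set()
    for field, value in parse_kv(line).items():
        for ip in IPV4_RE.findall(value):  # covers DestinationIp and QueryResults
            if ip in IP_IOCS:
                hits.add("ip:" + ip)
        if field in ("QueryName", "DestinationHostname"):
            hits.update("domain:" + d for d in domain_hits(value, DOMAIN_IOCS))
            hits.update("context-domain:" + d for d in domain_hits(value, CONTEXT_DOMAINS))
        if field in ("Image", "ParentImage", "TargetFilename"):
            if any(r.search(value) for r in DROPPED_FILE_RES):
                hits.add("dropped-file:" + value)
        if field == "Hashes":  # Sysmon style: MD5=...,SHA256=...
            for part in value.split(","):
                algo, _, digest = part.partition("=")
                if HASHES.get(algo.lower()) == digest.lower():
                    hits.add("hash:" + algo.lower())
    return sorted(hits)


def scan(lines):
    """Return [(line, hits)] for every line with at least one hit."""
    return [(line, match_line(line)) for line in lines if match_line(line)]


def hash_matches(data):
    """Hash raw file bytes and report which of the sample's hashes they equal."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return sorted(k for k, v in digests.items() if v == HASHES[k])


# Constructed sample events (not real telemetry); note the non-sandbox username.
SAMPLE_EVENTS = [
    r"EventID=1 Image=C:\Users\alice\Downloads\URGENT TENDER#675320 (Covid19 kits).exe "
    r"Hashes=MD5=bd2aeaab8f491a77f7c7ce59b027cf2c,SHA256=5b37cc85fd190a6b4726ea57f2588b5a74acc2c51e2917363c226b73ac79118f",
    r"EventID=11 Image=C:\Users\alice\Downloads\URGENT TENDER#675320 (Covid19 kits).exe "
    r"TargetFilename=C:\Users\alice\appdata.exe:Zone.Identifier",
    r"EventID=22 QueryName=twire.icu QueryResults=::ffff:198.54.120.244;",
    r"EventID=22 QueryName=cdn.onenote.net QueryResults=0.0.0.0;",
    r"EventID=3 DestinationIp=10.0.0.5 DestinationPort=443",
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_EVENTS):
        print(hits, "<-", line[:60])
```

The two `CLR_v4.0_32\UsageLogs\*.exe.log` entries are written by the .NET Framework 4.x runtime whenever a managed assembly runs, which is consistent with the dropped `appdata.exe` being reported as a Mono/.Net assembly; they are a useful host artifact but the matcher treats them as secondary to the dropped binary itself. The `Zone.Identifier` stream on `appdata.exe` is the Mark-of-the-Web alternate data stream, so a real write of that path should also show up in file-stream telemetry where it is collected.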