Futuroso New Order.xlsx

Status: finished

Submission Time: 2020-05-29 13:38:19 +02:00

Malicious

Trojan

Exploiter

Evader

AgentTesla

Comments

Details

Analysis ID:
234173
API (Web) ID:
364495
Analysis Started:

2020-05-29 13:38:20 +02:00
Analysis Finished:

2020-05-29 13:46:39 +02:00
MD5:
c644ce0ba7cdcbe21a1b666a66d59a94
SHA1:
9d9cf2e1223f8f0484daa16f988fa0b0400fb032
SHA256:
145e698bcce7e4360e752f2c7d4c16134243938212f67c88014b787b1009a448
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: unknown

Third Party Analysis Engines

Open Full Report

malicious

Score: 21/72

malicious

Score: 23/31

malicious

IPs

IP	Country	Detection
107.173.219.40	United States

Domains

Name	IP	Detection
systemsecureserverprotocolgooglegood.duckdns.org	107.173.219.40

URLs

Name	Detection
http://systemsecureserverprotocolgooglegood.duckdns.org/bg/
http://systemsecureserverprotocolgooglegood.duckdns.org/bg/invoice.doc
http://systemsecureserverprotocolgooglegood.duckdns.org/bg/vbc.exe

Dropped files

Name	File Type	Hashes
C:\Users\user\netsh\AcGenral.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\Desktop\~$Futuroso New Order.xlsx	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5U8YKW2\vbc[1].exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
Click to see the 31 hidden entries
C:\Users\user\AppData\Roaming\vbc.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netsh.url	MS Windows 95 Internet shortcut text (URL=<file:///C:/Users/user/netsh/netsh.vbs>), ASCII text, with CR line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\bg on systemsecureserverprotocolgooglegood.duckdns.org.url	MS Windows 95 Internet shortcut text (URL=<http://systemsecureserverprotocolgooglegood.duckdns.org/bg/>), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{219D7262-8DE4-4C1D-916B-0E23C41B1A4B}.tmp	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DBA2E285-776E-4F15-9F39-4803B8D00ABE}.tmp	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FFB975B2-53BE-4685-A0BE-009036C1FF2C}.tmp	data	#
C:\Users\user\AppData\Local\Temp\{6D8A0A5F-CEBD-4B95-A01F-EB82C01D458B}	data	#
C:\Users\user\AppData\Local\Temp\{CD847F1E-3E15-4086-8D03-74B7ED7FCA1A}	data	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\invoice.doc.url	MS Windows 95 Internet shortcut text (URL=<http://systemsecureserverprotocolgooglegood.duckdns.org/bg/invoice.doc>), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRO0000.doc	Microsoft Word 2007+	#
C:\Users\user\Desktop\07630000	data	#
C:\Users\user\Desktop\07630000:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\netsh\netsh.vbs	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRD0004.tmp	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRD0001.tmp	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~$RO0000.doc	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~$RD0003.docm	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F9290395.doc	Rich Text Format data, version 1, unknown character set	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D7BC10B3.emf	Windows Enhanced Metafile (EMF) image data version 0x10000	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BD68C039.jpeg	gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\84AF2B18.emf	Windows Enhanced Metafile (EMF) image data version 0x10000	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\580F8C92.jpeg	[TIFF image data, big-endian, direntries=1], baseline, precision 8, 965x543, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X38UWNX5\invoice[1].doc	Rich Text Format data, version 1, unknown character set	#
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF	data	#
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{F2C3B083-12E4-47F3-952B-19F35D0C5D78}.FSD	data	#
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD	data	#
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF	data	#
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{159CDB2A-0609-4239-991A-0CD5DF851025}.FSD	data	#

Futuroso New Order.xlsx

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Futuroso New Order.xlsx Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

Futuroso New Order.xlsx