flash

RFQ0723272983.exe

Status: finished
Submission Time: 29.06.2020 14:18:00
Malicious
Trojan
Spyware
Evader
AgentTesla

Comments

Tags

Details

  • Analysis ID:
    241989
  • API (Web) ID:
    379698
  • Analysis Started:
    29.06.2020 14:18:00
  • Analysis Finished:
    29.06.2020 14:32:21
  • MD5:
    558f002df267284bbc8141146e3d5f26
  • SHA1:
    9d136fca00d3451077bceaf8c5039f4d33465340
  • SHA256:
    c3da3a9487da78db1490c1aee12eb806925363678188034dabc1983c27d6eac4
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

malicious
100/100

malicious
41/72

malicious
8/37

malicious
27/48

IPs

IP Country Detection
173.201.192.101
United States
173.201.192.229
United States

Domains

Name IP Detection
smtpout.secureserver.net
173.201.192.101

URLs

Name Detection
https://gPqeS3FV3r6l.c
https://gPqeS3FV3r6l.com
http://secure.globalsign.net/cacert/PrimObject.crt0
Click to see the 16 hidden entries
http://secure.globalsign.net/cacert/ObjectSign.crt09
https://certs.starfieldtech.com/repository/0
http://certificates.starfieldtech.com/repository/0
http://www.autoitscript.com/autoit3/0
http://certs.starfieldtech.com/repository/1402
http://crl.starfieldtech.com/sfroot-g2.crl0L
http://ocsp.starfieldtech.com/08
http://www.globalsign.net/repository09
http://crl.starfieldtech.com/sfroot.crl0L
http://ocsp.starfieldtech.com/0;
http://crl.starfieldtech.com/sfig2s1-126.crl0c
http://smtpout.secureserver.net
http://certificates.starfieldtech.com/repository/sfig2.crt0
http://www.globalsign.net/repository/0
http://www.globalsign.net/repository/03
http://ocsp.starfieldtech.com/0F

Dropped files

Name File Type Hashes Detection
C:\99353652\jjgdxemns.pif
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\99353652\epakbwnbnd.bin
ASCII text, with CRLF line terminators
#
Click to see the 66 hidden entries
C:\99353652\eucqhtvn.msc
ASCII text, with CRLF line terminators
#
C:\99353652\fmdnvuto.mp3
ASCII text, with CRLF line terminators
#
C:\99353652\fqjwae.icm
ASCII text, with CRLF line terminators
#
C:\99353652\gaapup.exe
ASCII text, with CRLF line terminators
#
C:\99353652\gega.docx
ASCII text, with CRLF line terminators
#
C:\99353652\ghvoi.xls
ASCII text, with CRLF line terminators
#
C:\99353652\hkfdnpxcuw.xls
ASCII text, with CRLF line terminators
#
C:\99353652\hqjaqw.ppt
ASCII text, with CRLF line terminators
#
C:\99353652\ibppwll.icm
ASCII text, with CRLF line terminators
#
C:\99353652\ieiebicos.msc
ASCII text, with CRLF line terminators
#
C:\99353652\irsoiwhu.xml
ASCII text, with CRLF line terminators
#
C:\99353652\jmpeqstvhe.bin
ASCII text, with CRLF line terminators
#
C:\99353652\johatnhaq.exe
ASCII text, with CRLF line terminators
#
C:\99353652\jxgdvsv.jpg
ASCII text, with CRLF line terminators
#
C:\99353652\ktlhwirsh.dll
ASCII text, with CRLF line terminators
#
C:\99353652\lvgstr.cpl
ASCII text, with very long lines, with CRLF line terminators
#
C:\99353652\mcgt.bmp
ASCII text, with CRLF line terminators
#
C:\99353652\mhxcn.dll
ASCII text, with CRLF line terminators
#
C:\99353652\mnqsjjjf.icm
ASCII text, with CRLF line terminators
#
C:\99353652\mqnhend.dat
ASCII text, with CRLF line terminators
#
C:\99353652\mtfecnhamb.docx
ASCII text, with CRLF line terminators
#
C:\99353652\muqdrgw.xls
ASCII text, with CRLF line terminators
#
C:\99353652\nakts.cpl
ASCII text, with CRLF line terminators
#
C:\99353652\nqip.xml
ASCII text, with CRLF line terminators
#
C:\99353652\ntpnetqvp.ini
ASCII text, with CRLF line terminators
#
C:\99353652\ppdnrnnx.bin
ASCII text, with CRLF line terminators
#
C:\99353652\pwxugfbil.xml
ASCII text, with CRLF line terminators
#
C:\99353652\qdunasc.jpg
ASCII text, with CRLF line terminators
#
C:\99353652\qjbkr.pdf
ASCII text, with CRLF line terminators
#
C:\99353652\rdmeg.ini
ASCII text, with CRLF line terminators
#
C:\99353652\rtmas.bin
ASCII text, with CRLF line terminators
#
C:\99353652\sgcchuvgm.bin
ASCII text, with CRLF line terminators
#
C:\99353652\sscth.dat
ASCII text, with CRLF line terminators
#
C:\99353652\stawxdsilx.bmp
ASCII text, with CRLF line terminators
#
C:\99353652\svddq.xml
ASCII text, with CRLF line terminators
#
C:\99353652\sxmbtaw.mp3
ASCII text, with CRLF line terminators
#
C:\99353652\tbfsrt.pdf
ASCII text, with CRLF line terminators
#
C:\99353652\tblndvbb.vek
data
#
C:\99353652\twnsax.jpg
ASCII text, with CRLF line terminators
#
C:\99353652\ujpaighbw.icm
ASCII text, with CRLF line terminators
#
C:\99353652\vilcnb.cpl
ASCII text, with CRLF line terminators
#
C:\99353652\vwwcijmvc.ico
ASCII text, with CRLF line terminators
#
C:\99353652\vxvrft.bin
ASCII text, with CRLF line terminators
#
C:\99353652\whgcpxh.pdf
ASCII text, with CRLF line terminators
#
C:\99353652\wjhiwemsvc.vbs
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
C:\99353652\wjphga.xml
ASCII text, with CRLF line terminators
#
C:\99353652\xbnxxqau.ico
ASCII text, with CRLF line terminators
#
C:\99353652\xcuicnct.xl
ASCII text, with CRLF line terminators
#
C:\99353652\xocm.log
ASCII text, with CRLF line terminators
#
C:\Users\user\temp\lvgstr.cpl
ASCII text, with CRLF line terminators
#
C:\99353652\acdabhux.exe
ASCII text, with CRLF line terminators
#
C:\99353652\aeiir.icm
ASCII text, with CRLF line terminators
#
C:\99353652\ajnfjiql.ico
ASCII text, with CRLF line terminators
#
C:\99353652\amrq.ico
ASCII text, with CRLF line terminators
#
C:\99353652\arox.xl
ASCII text, with CRLF line terminators
#
C:\99353652\bhnvpaakbh.ico
ASCII text, with CRLF line terminators
#
C:\99353652\bndko.xml
ASCII text, with CRLF line terminators
#
C:\99353652\bodo.exe
ASCII text, with CRLF line terminators
#
C:\99353652\bvfljigxe.ppt
ASCII text, with CRLF line terminators
#
C:\99353652\ccklik.txt
ASCII text, with CRLF line terminators
#
C:\99353652\cwuwhdlt.docx
ASCII text, with CRLF line terminators
#
C:\99353652\dbls.ico
ASCII text, with CRLF line terminators
#
C:\99353652\dkvt.ico
ASCII text, with CRLF line terminators
#
C:\99353652\ecjaxsemoa.xml
ASCII text, with CRLF line terminators
#
C:\99353652\eeodnwkuw.jpg
ASCII text, with CRLF line terminators
#
C:\99353652\enxlqri.ini
ASCII text, with CRLF line terminators
#