Analysis Report New Text Document.exe
Overview
General Information
Sample Name: | New Text Document.exe |
Analysis ID: | 383843 |
MD5: | 4e79b531f4f6813cc8e21894a13c5537 |
SHA1: | addcb0a2aac14befcb9f8c9185e365c47a86b40c |
SHA256: | 9445838c51449888abaeac1c5d1953212a0205a6b4038e6a404ca752cbda3f2f |
Infos: | |
Errors: | |
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Yara Overview |
---|
No yara matches |
---|
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | Virustotal |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
Source: | Classification label: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel ¹ | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol ¹ | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
New Text Document.exe | 14% | Virustotal | |
Dropped Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.186.163 | unknown | United States | 15169 | GOOGLEUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 383843 |
Start date: | 08.04.2021 |
Start time: | 10:59:37 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 0m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | New Text Document.exe |
Cookbook file name: | defaultandroidfilecookbook.jbs |
Analysis system description: | Android 9 (Pie) |
Run name: | No behavior, retry without instrumentation |
Analysis Mode: | default |
APK Instrumentation enabled: | false |
Detection: | MAL |
Classification: | mal48.andEXE@0/0@0/0 |
Warnings: | |
Errors: | |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.662141005544995 |
TrID: | |
File name: | New Text Document.exe |
File size: | 894976 bytes |
MD5: | 4e79b531f4f6813cc8e21894a13c5537 |
SHA1: | addcb0a2aac14befcb9f8c9185e365c47a86b40c |
SHA256: | 9445838c51449888abaeac1c5d1953212a0205a6b4038e6a404ca752cbda3f2f |
SHA512: | aae6406f2feedfbae51433a697bbaf3d7a80570c0f86a1f5f9e09ac2699651049fbd882d27de21ede2ffa215e28ed73d8b3a16aca003c2213ebcfe421a581cde |
SSDEEP: | 24576:aAHnh+eWsN3skA4RV1Hom2KXMmHahxl5:th+ZkldoPK8YahV |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR.. |
Static APK Info |
---|
General | |
---|---|
Label: | |
Version Code: | |
Version Name: | |
Package Name: | |
Is Activity: | |
Is Receiver: | |
Is Service: | |
Requests System Level Permissions: | |
Play Store Compatible: | |
Receivers |
---|
Permission Requested |
---|
Certificate |
---|
Name: | |
Issuer: | |
Subject: | |
Resources |
---|
Name | Type | Size |
---|---|---|
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2021 10:59:54.121563911 CEST | 39602 | 443 | 192.168.2.30 | 142.250.186.163 |
APK Behavior |
---|
0 Executed Methods |
---|
0 Non-Executed Methods |
---|