
FriKanya.exe

Status: finished
Submission Time: 31.07.2020 18:15:40
Verdict: Malicious
Classification: Trojan, Spyware, Evader, AgentTesla

Tags

  • AgentTesla
  • exe

Details

  • Analysis ID:
    255479
  • API (Web) ID:
    406382
  • Analysis Started:
    01.08.2020 00:58:12
  • Analysis Finished:
    01.08.2020 01:08:14
  • MD5:
    9b65bdf577ccfeacc1abb78248f96fc4
  • SHA1:
    0e2c6bf9dcbfdd7b32e0c8498256ba5f58da6099
  • SHA256:
    02261d11f15d4b62340ceed9b3ab2e1520ed3206ba85331be8a775426969ba1d
  • Technologies:
Reports

  • Engine Info (analysis system):
    w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211
  • Verdict:
    malicious
  • Score:
    100/100

IPs

  IP               Country         Detection
  107.180.12.39    United States
  18.214.132.216   United States

Domains

  Name                                                  IP               Detection
  mail.cam-asean.com                                    107.180.12.39
  asf-ris-prod-neurope.northeurope.cloudapp.azure.com   168.63.67.155
  checkip.us-east-1.prod.check-ip.aws.a2z.com           18.214.132.216
  g.msn.com                                             0.0.0.0
  checkip.amazonaws.com                                 0.0.0.0

URLs

  Name                                                          Detection
  http://23J2KZ396ROywv.net
  http://checkip.us-east-1.prod.check-ip.aws.a2z.com
  http://23J2KZ396ROywv.netB8
  http://checkip.amazonaws.com4ElT
  http://mail.cam-asean.com
  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  http://checkip.amazonaws.com
  http://checkip.amazonaws.com/

Dropped files

  Name / File Type                                                             Hashes   Detection
  C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
  C:\Users\user\AppData\Roaming\MyKanyAasean\MyKanyAasean.exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FriKanya.exe.log
    ASCII text, with CRLF line terminators
  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MyKanyAasean.exe.log
    ASCII text, with CRLF line terminators