Register Login

sloganpng

top title background image

FriKanya.exe

Status: finished

Submission Time: 2020-07-31 18:15:40 +02:00

Malicious

Trojan

Spyware

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
255479
API (Web) ID:
406382
Analysis Started:

2020-08-01 00:58:12 +02:00
Analysis Finished:

2020-08-01 01:08:14 +02:00
MD5:
9b65bdf577ccfeacc1abb78248f96fc4
SHA1:
0e2c6bf9dcbfdd7b32e0c8498256ba5f58da6099
SHA256:
02261d11f15d4b62340ceed9b3ab2e1520ed3206ba85331be8a775426969ba1d
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
107.180.12.39	United States
18.214.132.216	United States

Domains

Name	IP	Detection
mail.cam-asean.com	107.180.12.39
asf-ris-prod-neurope.northeurope.cloudapp.azure.com	168.63.67.155
checkip.us-east-1.prod.check-ip.aws.a2z.com	18.214.132.216
Click to see the 2 hidden entries
g.msn.com	0.0.0.0
checkip.amazonaws.com	0.0.0.0

URLs

Name	Detection
http://23J2KZ396ROywv.net
http://checkip.us-east-1.prod.check-ip.aws.a2z.com
http://23J2KZ396ROywv.netB8
Click to see the 5 hidden entries
http://checkip.amazonaws.com4ElT
http://mail.cam-asean.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://checkip.amazonaws.com
http://checkip.amazonaws.com/

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\AddInProcess32.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\MyKanyAasean\MyKanyAasean.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FriKanya.exe.log	ASCII text, with CRLF line terminators	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MyKanyAasean.exe.log	ASCII text, with CRLF line terminators	#