flash

NEW RFQ.exe

Status: finished
Submission Time: 31.07.2020 19:14:41
Malicious
Trojan
Spyware
Evader
AgentTesla

Comments

Tags

  • exe

Details

  • Analysis ID:
    255485
  • API (Web) ID:
    406434
  • Analysis Started:
    01.08.2020 01:04:38
  • Analysis Finished:
    01.08.2020 01:18:31
  • MD5:
    2b3645fa1dba023aa4f7a32b84242839
  • SHA1:
    ff913e68785f4aab041c85fce1e039087fc09757
  • SHA256:
    a7879f81b9af693705fbbda07a1a2a5ebfdcccc7b1184f70fd6d3285da9f2f2d
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

IPs

IP Country Detection
167.114.220.88
Canada

Domains

Name IP Detection
flsrnidth.com
167.114.220.88
mail.flsrnidth.com
0.0.0.0
g.msn.com
0.0.0.0

URLs

Name Detection
https://AXtxDU5WDMRP39.com
http://ocsp.int-x3.letsencrypR
http://crl.m
Click to see the 7 hidden entries
http://cps.letsencrypt.org0
http://cert.int-x3.letsencrypt.org/0
http://cert.int-x3.leO
http://ocsp.int-x3.letsencrypt.org0/
http://cps.root-x1.letsencrypt.org0
http://flsrnidth.com
http://mail.flsrnidth.com

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NEW RFQ.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\YYtJku\YYtJku.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Roaming\YYtJku\YYtJku.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\YYtJku.exe.log
ASCII text, with CRLF line terminators
#