Register Login

sloganpng

top title background image

NEW RFQ.exe

Status: finished

Submission Time: 2020-07-31 19:14:41 +02:00

Malicious

Trojan

Spyware

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
255485
API (Web) ID:
406434
Analysis Started:

2020-08-01 01:04:38 +02:00
Analysis Finished:

2020-08-01 01:18:31 +02:00
MD5:
2b3645fa1dba023aa4f7a32b84242839
SHA1:
ff913e68785f4aab041c85fce1e039087fc09757
SHA256:
a7879f81b9af693705fbbda07a1a2a5ebfdcccc7b1184f70fd6d3285da9f2f2d
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
167.114.220.88	Canada

Domains

Name	IP	Detection
flsrnidth.com	167.114.220.88
mail.flsrnidth.com	0.0.0.0
g.msn.com	0.0.0.0

URLs

Name	Detection
https://AXtxDU5WDMRP39.com
http://ocsp.int-x3.letsencrypR
http://crl.m
Click to see the 7 hidden entries
http://cps.letsencrypt.org0
http://cert.int-x3.letsencrypt.org/0
http://cert.int-x3.leO
http://ocsp.int-x3.letsencrypt.org0/
http://cps.root-x1.letsencrypt.org0
http://flsrnidth.com
http://mail.flsrnidth.com

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NEW RFQ.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\YYtJku\YYtJku.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\YYtJku\YYtJku.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\YYtJku.exe.log	ASCII text, with CRLF line terminators	#