Uva1RyibMqkKwT0.exe

Status: finished
Submission Time: 2020-08-11 16:31:36 +02:00
Malicious
Trojan
Spyware
Evader
AgentTesla

Tags

  • AgentTesla
  • exe
  • HostGator

Details

  • Analysis ID:
    262035
  • API (Web) ID:
    419329
  • Analysis Started:
    2020-08-11 23:00:19 +02:00
  • Analysis Finished:
    2020-08-11 23:15:02 +02:00
  • MD5:
    38a9e66dcfb9b51c8b0f0e421ee54807
  • SHA1:
    718d99f3f6942dfb1259a918684e7bab247d834f
  • SHA256:
    9dd3c076a2e85f8c34caef224c32dc3c9ff2e3d5c00b060a557095b98d751127
  • Technologies:

Joe Sandbox

  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

  • 208.91.198.143
    Country: United States
  • 208.91.199.225
    Country: United States

Domains

  • smtp.annlap.com
    IP: 0.0.0.0
  • us2.smtp.mailhostbox.com
    IP: 208.91.198.143

URLs

  • https://ksn1YQi22c0.n
  • https://ksn1YQi22c0.net
  • https://ksn1YQi22c0.netx
  • http://smtp.annlap.com
  • http://us2.smtp.mailhostbox.com
  • https://ksn1YQi22c0.net1-5-21-3853321935-2125563209-4053062332-1002_Classes

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Uva1RyibMqkKwT0.exe.log
    File type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\newapp\newapp.exe
    File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Roaming\newapp\newapp.exe:Zone.Identifier
    File type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\newapp.exe.log
    File type: ASCII text, with CRLF line terminators