Register Login

sloganpng

top title background image

PO#2081777 FA2003084 SAP S4 HANA MYC20028.exe

Status: finished

Submission Time: 2020-09-16 14:57:51 +02:00

Malicious

Trojan

Spyware

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
286336
API (Web) ID:
467846
Analysis Started:

2020-09-16 14:57:52 +02:00
Analysis Finished:

2020-09-16 15:07:26 +02:00
MD5:
5534d71175a8ddc713bd487ad3c4e4ab
SHA1:
d2bf7ba7e59cef3c1b8556b44c9f1ad2845addf4
SHA256:
4d6a4c556af5a4e4a05ca5aadb976af1f792bb509cd17cf26aa2ca3081317e3c
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 13/66

malicious

Score: 9/48

URLs

Name	Detection
http://127.0.0.1:HTTP/1.1
http://DynDns.comDynDNS
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Click to see the 6 hidden entries
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://api.telegram.org/bot%telegramapi%/
https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
http://ACTBLJ.com
https://api.ipify.orgGETMozilla/5.0

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO#2081777 FA2003084 SAP S4 HANA MYC20028.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpAD7.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\nqOncxA.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Roaming\nqOncxA.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#