Register Login

sloganpng

top title background image

PO-074-20-DM4.exe

Status: finished

Submission Time: 2020-09-16 15:27:05 +02:00

Malicious

Trojan

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
286361
API (Web) ID:
467898
Analysis Started:

2020-09-16 15:27:06 +02:00
Analysis Finished:

2020-09-16 15:34:23 +02:00
MD5:
04e761381caf955122a817f09ecb36b1
SHA1:
37d443dd00b448a9661f7728a1c620729b10ddcf
SHA256:
fc37e01bcc7919699ec81a825718d0639eaf85eef7e7b87111ff33b53fd09b0b
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 84	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 20/68

malicious

Score: 21/48

malicious

URLs

Name	Detection
http://127.0.0.1:HTTP/1.1
http://DynDns.comDynDNS
http://dPstTU.com
Click to see the 9 hidden entries
http://crl.thawte.com/ThawteTimestampingCA.crl0
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
https://api.telegram.org/bot%telegramapi%/
https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
http://ocsp.thawte.com0
https://api.ipify.orgGETMozilla/5.0

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO-074-20-DM4.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\b438b2b2-a27d-417f-8ec9-625540b311a1\g.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#