Register Login

sloganpng

top title background image

PRODUCT LIST _IMG.exe

Status: finished

Submission Time: 2020-09-24 17:45:48 +02:00

Malicious

Trojan

Spyware

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
289647
API (Web) ID:
474400
Analysis Started:

2020-09-24 17:45:48 +02:00
Analysis Finished:

2020-09-24 17:54:11 +02:00
MD5:
9a28fb8644f6c9413772f5bb0d41e2f0
SHA1:
bda74e1af9c7d634647fe4aacab9baf628f5a6bb
SHA256:
bc7988fcd34bc5f8313b980f83197c4e9e41437097e8911e2744388ad026bd1a
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 23/69

malicious

Score: 11/48

malicious

URLs

Name	Detection
http://127.0.0.1:HTTP/1.1
https://api.telegram.org/bot1322270726:AAE8ex2tDrvB9GA6y4VV0psQLtRL4yhRDdo/
http://DynDns.comDynDNS
Click to see the 11 hidden entries
http://crl.thawte.com/ThawteTimestampingCA.crl0
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
http://www.symauth.com/rpa00
http://ns.adobe.c
http://ocsp.thawte.com0
http://VNgxdn.com
https://api.telegram.org/bot1322270726:AAE8ex2tDrvB9GA6y4VV0psQLtRL4yhRDdo/sendDocumentdocument-----
http://www.symauth.com/cps0(
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
https://api.ipify.orgGETMozilla/5.0
https://api.telegra

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PRODUCT LIST _IMG.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\RegAsm.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\b1f92ac9-345d-4ee6-83d6-512dab76f3b9\i.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#