flash

SHIPMENT DOCUMENTS CI,PL.BL.pdf.exe

Status: finished
Submission Time: 17.10.2020 14:07:45
Malicious
Trojan
Spyware
Evader
AgentTesla

Comments

Tags

  • AgentTesla
  • exe

Details

  • Analysis ID:
    299670
  • API (Web) ID:
    494439
  • Analysis Started:
    17.10.2020 14:07:46
  • Analysis Finished:
    17.10.2020 14:15:17
  • MD5:
    751a08ca844f1ec61ccccc0f4b53a608
  • SHA1:
    1b02f9685b81e6038f81ebcaf15b57804fc22fe2
  • SHA256:
    80f45086395417ea3bda68a20d2fc5b0bc5050c000023d82544fd2b5b5a8ce89
  • Technologies:
Full Report Management Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
19/71

malicious
8/48

URLs

Name Detection
http://127.0.0.1:HTTP/1.1
http://DynDns.comDynDNS
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Click to see the 6 hidden entries
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://api.telegram.org/bot%telegramapi%/
https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
http://XsZjyO.com
https://api.ipify.orgGETMozilla/5.0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SHIPMENT DOCUMENTS CI,PL.BL.pdf.exe.log
ASCII text, with CRLF line terminators
#