Register Login

sloganpng

top title background image

SHIPMENT DOCUMENTS CI,PL.BL.pdf.exe

Status: finished

Submission Time: 2020-10-17 14:07:45 +02:00

Malicious

Trojan

Spyware

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
299670
API (Web) ID:
494439
Analysis Started:

2020-10-17 14:07:46 +02:00
Analysis Finished:

2020-10-17 14:15:17 +02:00
MD5:
751a08ca844f1ec61ccccc0f4b53a608
SHA1:
1b02f9685b81e6038f81ebcaf15b57804fc22fe2
SHA256:
80f45086395417ea3bda68a20d2fc5b0bc5050c000023d82544fd2b5b5a8ce89
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 19/71

malicious

Score: 8/48

URLs

Name	Detection
http://127.0.0.1:HTTP/1.1
http://DynDns.comDynDNS
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Click to see the 6 hidden entries
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://api.telegram.org/bot%telegramapi%/
https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
http://XsZjyO.com
https://api.ipify.orgGETMozilla/5.0

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SHIPMENT DOCUMENTS CI,PL.BL.pdf.exe.log	ASCII text, with CRLF line terminators	#