Financial draft.xlsx

Status: finished
Submission Time: 2020-11-20 11:15:33 +01:00
Malicious
Trojan
Adware
Spyware
Exploiter
Evader
AgentTesla

Tags

  • AgentTesla
  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    321109
  • API (Web) ID:
    544031
  • Analysis Started:
    2020-11-20 11:15:35 +01:00
  • Analysis Finished:
    2020-11-20 11:23:38 +01:00
  • MD5:
    ab27f33e05cefb65852553e146ab64d3
  • SHA1:
    84be9c788eb8738937a1cfaae79bf72e0574c20b
  • SHA256:
    66daf72a5b7e2e88cdcecc5c19010fd7ad61d24f70792b5d8d7b719a08a6de68
  • Technologies:
    Joe Sandbox

Detection: malicious (Score: 100)
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

  • malicious (Score: 13/37)
  • malicious (Score: 18/29)
  • malicious
  • malicious

IPs

IP Country Detection
192.210.214.146
United States

URLs


Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\new[1].exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\Desktop\~$Financial draft.xlsx
    data
  • C:\Users\Public\vbc.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Windows\System32\drivers\etc\hosts
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\bjkher0q.t03\Chrome\Default\Cookies
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Roaming\bjkher0q.t03\Firefox\Profiles\7xwghk55.default\cookies.sqlite
    SQLite 3.x database, user version 7, last written using SQLite version 3017000