
Financial draft.xlsx

Status: finished
Submission Time: 20.11.2020 11:15:33
Verdict: Malicious
Classification: Trojan, Adware, Spyware, Exploiter, Evader
Family: AgentTesla

Tags

  • AgentTesla
  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    321109
  • API (Web) ID:
    544031
  • Analysis Started:
    20.11.2020 11:15:35
  • Analysis Finished:
    20.11.2020 11:23:38
  • MD5:
    ab27f33e05cefb65852553e146ab64d3
  • SHA1:
    84be9c788eb8738937a1cfaae79bf72e0574c20b
  • SHA256:
    66daf72a5b7e2e88cdcecc5c19010fd7ad61d24f70792b5d8d7b719a08a6de68
  • Technologies:
Verdict and score

  • Verdict: malicious
  • System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
  • Score: 100/100 (malicious)
  • Engine results: malicious 13/37, malicious 18/29
  • Further engine verdicts: malicious, malicious

IPs

IP (Country):

  • 192.210.214.146 (United States)

URLs

Name (listed as extracted; several entries are truncated or run together):

  • http://192.210.214.146/new.exe
  • http://192.210.214.146/webpanel-majorboy1/inc/8d7b442291cce3.php
  • https://management.azure.com/Chttps://login.microsoftonline.com
  • http://127.0.0.1:HTTP/1.1
  • http://DynDns.comDynDNS
  • http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
  • https://login.microsoftonline.com
  • https://management.azure.com/subscriptions/
  • https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
  • https://api.telegram.org/bot%telegramapi%/
  • http://192.210.214.146P
  • https://management.azure.com/
  • http://192.210.214.146
  • http://o0VOknSTi6os4KGPlT.net
  • http://www.%s.comPA
  • http://ns.a
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  • http://192.210.214.146/webpanel-majorboy1/inc/8d7b442291cce3.php127.0.0.1POST
  • https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
  • https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
  • http://cNhFXD.com
  • https://api.ipify.orgGETMozilla/5.0

Dropped files

Name / File type (hash and detection columns were not captured):

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\new[1].exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\Desktop\~$Financial draft.xlsx
    data
  • C:\Users\Public\vbc.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Windows\System32\drivers\etc\hosts
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\bjkher0q.t03\Chrome\Default\Cookies
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Roaming\bjkher0q.t03\Firefox\Profiles\7xwghk55.default\cookies.sqlite
    SQLite 3.x database, user version 7, last written using SQLite version 3017000