flash

USD55,260.84_PAYMENT_ADVICE_NOTE_FROM_20.11.2020.EXE

Status: finished
Submission Time: 20.11.2020 11:16:28
Malicious
Trojan
Spyware
Evader
AgentTesla

Comments

Tags

  • EXE
  • HSBC
  • ModiLoader

Details

  • Analysis ID:
    321120
  • API (Web) ID:
    544037
  • Analysis Started:
    20.11.2020 11:25:44
  • Analysis Finished:
    20.11.2020 11:39:19
  • MD5:
    5d3d23738b2b4bb1f7fe3371ea7ecc76
  • SHA1:
    4e72608c340c7b18f4ff359552da57c9dee29e99
  • SHA256:
    21b054a3b319b950887eff329ebb237a5d442e6742e94d66d2ff17cd85f8d930
  • Technologies:
Full Report Management Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
19/72

malicious
8/48

IPs

IP Country Detection
192.186.237.168
United States
162.159.136.232
United States
162.159.138.232
United States
Click to see the 2 hidden entries
162.159.135.233
United States
162.159.133.233
United States

Domains

Name IP Detection
suncurepelletmill.com
192.186.237.168
mail.suncurepelletmill.com
0.0.0.0
discord.com
162.159.138.232
Click to see the 1 hidden entries
cdn.discordapp.com
162.159.135.233

URLs

Name Detection
http://WuQXJFerpNu.net
https://cdn.discordapp.c
https://cdn.discordapp.com/attachments/7784816176054
Click to see the 25 hidden entries
http://127.0.0.1:HTTP/1.1
https://cdn.discordapp.com/attachments/778481617605492770/77
http://DynDns.comDynDNS
https://cdn.discordapp.com/attachments/778481617605492770/779193
https://cdn.discordapp.com/attachments/77848161760549277$
https://cdn.discordapp.com/attachments/778481617605492770/77919335445784
https://cdn.discordapp.com/attachments/77848
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
https://cdn.discordapp.com/attachments/7
https://cdn.discordapp.com/attachments/7784816178
http://suncurepelletmill.com
https://cdn.discordapp.com/attachments/778481617605492770/779193354457841664
http://hHeaxI.com
https://discord.com/
http://mail.suncurepelletmill.com
https://cdn.discordapp.com/attachments/778481617605492770/7791933544
https://cdn.discordapp.com/attachmen
https://cdn.discordapp.com/a
https://api.ipify.orgGETMozilla/5.0
https://cdn.discordapp.com/attac0
https://cdn.discordapp.com/attachments/778481617605492770/779193354457841664/OwdH
https://cdn.discorda
https://cdn.discordapp.com/attachments/778481617605492770/779193354457841664/Owdprrr
https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
https://cdn.disc8

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Owdpdrv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Owdprrr[1]
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Owdprrr[1]
ASCII text, with very long lines, with no line terminators
#
Click to see the 2 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Owdprrr[2]
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\pdwO.url
MS Windows 95 Internet shortcut text (URL=<file:\\\C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Owdpdrv.exe>), ASCII text, with CRLF line terminators
#