flash

Catalog of our new order.xlsx

Status: finished
Submission Time: 20.11.2020 19:22:27
Malicious
Trojan
Exploiter
AgentTesla

Comments

Tags

  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    321291
  • API (Web) ID:
    544371
  • Analysis Started:
    20.11.2020 19:30:49
  • Analysis Finished:
    20.11.2020 19:38:08
  • MD5:
    f19674cfbff25cbd3f128ffd8e78c5c4
  • SHA1:
    07bf03f3b749c3d7f93758068f5a26c520279388
  • SHA256:
    02781481c25663e541fd70525609f84129fb57cf044e57c3e3410972267acc30
  • Technologies:
Full Report Management Report Engine Info Verdict Score Reports

malicious

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious
15/48

malicious

IPs

IP Country Detection
192.158.231.122
United States

URLs

Name Detection
http://192.158.231.122/light.exe
http://ns.a88
https://api.telegram.org/bot%telegramapi%/
Click to see the 1 hidden entries
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\light[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\Desktop\~$Catalog of our new order.xlsx
data
#
C:\Users\Public\vbc.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 3 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\15AE138F.jpeg
gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5E98F844.jpeg
gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\85EDDC46.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
#