flash

New FedEx paper work review.exe

Status: finished
Submission Time: 13.01.2021 09:32:02
Malicious
Trojan
Adware
Spyware
Evader
AgentTesla

Comments

Tags

  • AgentTesla
  • exe
  • FedEx

Details

  • Analysis ID:
    339030
  • API (Web) ID:
    579968
  • Analysis Started:
    13.01.2021 09:41:23
  • Analysis Finished:
    13.01.2021 09:51:47
  • MD5:
    c359c954a7d104b0a1bde867f86e73a5
  • SHA1:
    e647c8aa88a7209463b0dd0daa733759a529806d
  • SHA256:
    306602e7317841b219d25b24ca14f9e50987fe9c9e48b3728bb548dea4557f9d
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious
New

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
22/71

malicious
11/44

IPs

IP Country Detection
198.54.122.60
United States

Domains

Name IP Detection
mail.privateemail.com
198.54.122.60

URLs

Name Detection
https://jeQsgpMQfgg21VTI.net
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
http://127.0.0.1:HTTP/1.1
Click to see the 8 hidden entries
http://DynDns.comDynDNS
https://sectigo.com/CPS0
http://ocsp.sectigo.com0
http://mail.privateemail.com
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://TSGxUW.com
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\New FedEx paper work review.exe.log
ASCII text, with CRLF line terminators
#
C:\Windows\System32\drivers\etc\hosts
ASCII text, with CRLF line terminators
#