top title background image
flash

New FedEx paper work review.exe

Status: finished
Submission Time: 2021-01-13 09:32:02 +01:00
Malicious
Trojan
Adware
Spyware
Evader
AgentTesla

Comments

Tags

  • AgentTesla
  • exe
  • FedEx

Details

  • Analysis ID:
    339030
  • API (Web) ID:
    579968
  • Analysis Started:
    2021-01-13 09:41:23 +01:00
  • Analysis Finished:
    2021-01-13 09:51:47 +01:00
  • MD5:
    c359c954a7d104b0a1bde867f86e73a5
  • SHA1:
    e647c8aa88a7209463b0dd0daa733759a529806d
  • SHA256:
    306602e7317841b219d25b24ca14f9e50987fe9c9e48b3728bb548dea4557f9d
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 22/71
malicious
Score: 11/44

IPs

IP Country Detection
198.54.122.60
United States

Domains

Name IP Detection
mail.privateemail.com
198.54.122.60

URLs

Name Detection
https://jeQsgpMQfgg21VTI.net
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
http://127.0.0.1:HTTP/1.1
Click to see the 8 hidden entries
http://DynDns.comDynDNS
https://sectigo.com/CPS0
http://ocsp.sectigo.com0
http://mail.privateemail.com
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://TSGxUW.com
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\New FedEx paper work review.exe.log
ASCII text, with CRLF line terminators
#
C:\Windows\System32\drivers\etc\hosts
ASCII text, with CRLF line terminators
#