aNmkT4KLJX.exe

Status: finished

Submission Time: 2021-01-13 14:15:36 +01:00

Malicious

Trojan

Evader

AgentTesla

Comments

Details

Analysis ID:
339095
API (Web) ID:
580101
Analysis Started:

2021-01-13 14:15:37 +01:00
Analysis Finished:

2021-01-13 14:27:12 +01:00
MD5:
94cda3613a0dfe804f1dc90ebdf8ee57
SHA1:
2a9155ffbb0e340be4fe8f2e8ca062a702609bdf
SHA256:
768b5caad8d62776b0fcb3da17dc92e159fc2eb3c87990dc09573ee0d2001d92
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 76	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 15/70

malicious

Score: 6/46

IPs

IP	Country	Detection
104.23.98.190	United States

Domains

Name	IP	Detection
pastebin.com	104.23.98.190

URLs

Name	Detection
https://pastebin.comD8)l
http://127.0.0.1:HTTP/1.1
https://pastebin.comp:W
Click to see the 8 hidden entries
http://DynDns.comDynDNS
http://crl.m
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://pastebin.com
https://pastebin.com
https://pastebin.com/raw/W63zsRav
https://api.telegram.org/bot1440824094:AAEKwzzW--kPnTlDeEhK5etIjA9T8kCtNeQ/sendDocumentdocument-----

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t4z2pcnk.3ap.psm1	very short file (no magic)	#
C:\Users\user\Documents\20210113\PowerShell_transcript.579569.w_lVCWRt.20210113141647.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20210113\PowerShell_transcript.579569.ung+OIU2.20210113141650.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
Click to see the 28 hidden entries
C:\Users\user\Documents\20210113\PowerShell_transcript.579569.q5_UWuzH.20210113141638.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20210113\PowerShell_transcript.579569.ny7GsiEi.20210113141642.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20210113\PowerShell_transcript.579569.naFHM4Cp.20210113141645.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20210113\PowerShell_transcript.579569.jnqxhzUl.20210113141649.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20210113\PowerShell_transcript.579569.SCdrCCLk.20210113141644.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20210113\PowerShell_transcript.579569.LW9CFccy.20210113141637.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20210113\PowerShell_transcript.579569.L3RS+poA.20210113141647.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20210113\PowerShell_transcript.579569.KhHKusrY.20210113141645.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zvdgpzq3.h3e.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yf21kwgm.jix.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vxwmtava.qf4.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uubnooxc.aih.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_unnssgmx.g03.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sxgmzhyq.wz2.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s4ff54oe.lt4.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qirdxlpi.cyg.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mmwfbp33.jmq.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g542gylz.xkx.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fdxherb1.1cc.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e21oozgc.wyg.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d3blu52e.qn5.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cyezew2h.imw.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_55dhhdnu.f5j.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4ic2axnc.nlm.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2p1nvru5.fsj.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_23k00wie.bs2.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ll4232l.xtu.ps1	very short file (no magic)	#

aNmkT4KLJX.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

aNmkT4KLJX.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

aNmkT4KLJX.exe