Register Login

sloganpng

top title background image

SecuriteInfo.com.BehavesLike.Win32.Generic.cc.exe

Status: finished

Submission Time: 2021-01-13 16:43:33 +01:00

Malicious

Trojan

Spyware

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
339176
API (Web) ID:
580272
Analysis Started:

2021-01-13 16:43:34 +01:00
Analysis Finished:

2021-01-13 16:53:43 +01:00
MD5:
b232b5c7754d932b07c0d47f934efbfe
SHA1:
7c3d92552f6ebab8956727beecaac5d22c87a55b
SHA256:
3311cea59262b019a69fb72b72a36fc8e55d48a0f14f853b3a52fc8740542e99
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 9/46

IPs

IP	Country	Detection
199.193.7.228	United States

Domains

Name	IP	Detection
smtp.privateemail.com	199.193.7.228

URLs

Name	Detection
https://wV71njTiOcKvohmw.org
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
http://127.0.0.1:HTTP/1.1
Click to see the 10 hidden entries
http://DynDns.comDynDNS
https://sectigo.com/CPS0
http://ocsp.sectigo.com0
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
https://api.ipify.org%GETMozilla/5.0
http://MLrjrg.com
http://ocsp.use3
https://api.ipify.org%
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
http://smtp.privateemail.com

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.BehavesLike.Win32.Generic.cc.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\jebez5tq.lzt\Chrome\Default\Cookies	SQLite 3.x database, last written using SQLite version 3032001	#