sample2.exe

Status: finished

Submission Time: 2021-01-14 03:36:50 +01:00

Malicious

Trojan

Spyware

Evader

AgentTesla

Comments

Details

Analysis ID:
339443
API (Web) ID:
580814
Analysis Started:

2021-01-14 03:36:51 +01:00
Analysis Finished:

2021-01-14 03:50:14 +01:00
MD5:
b0f2d519ccae5bf1435264e0979770ce
SHA1:
212da7b3ed9c89d83941f6bb0dba889fa24f8f6a
SHA256:
a4fdc26d6b70eaf0a62cca36286412901f48881eae616d38b96d8ae0cb0f29c7
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 12/40

malicious

Score: 25/31

malicious

IPs

IP	Country	Detection
208.91.198.143	United States

Domains

Name	IP	Detection
us2.smtp.mailhostbox.com	208.91.198.143

URLs

Name	Detection
http://eu0j0ejPMgs9.com
http://www.founder.com.cn/cn
http://www.founder.com.cn/cnb
Click to see the 59 hidden entries
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://www.fontbureau.comF
http://www.founder.com.cn/cnLog
http://www.fontbureau.comsivFw
http://www.m.
http://www.sandoll.co.krt
http://www.tiro.comn
http://www.carterandcone.comi
http://www.carterandcone.comg
http://www.carterandcone.coml
http://www.founder.cT
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cnc
http://www.fontbureau.com/designers/frere-user.html
http://www.carterandcone.comhly
http://www.fontbureau.comueS
http://www.jiyu-kobo.co.jp/
http://www.tiro.comnm.
http://www.fontbureau.como
http://www.fontbureau.com/designers8
http://www.tiro.comm
http://www.fontbureau.comalic
http://www.fontbureau.com/designers;
http://www.founder.com.cn/cns-m
http://www.fontbureau.com/designers/
http://www.founder.com.cn/cn)
http://eu0j0ejPMgs9.com3853321935-2125563209-4053062332-1002_Classes
http://www.sajatypeworks.comK
http://www.fontbureau.comI.TTF
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers?
http://www.carterandcone.comep
http://www.tiro.com.
http://www.fontbureau.com/designers/frere-user.htmltF1
http://www.tiro.com
http://www.fontbureau.com/designers
http://www.fonts.comicx
http://www.fontbureau.comuec
http://www.fontbureau.com/designersZ
http://www.goodfont.co.kr
http://www.carterandcone.com
http://www.sajatypeworks.com
http://www.fontbureau.com/designersG
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
http://www.fontbureau.com/designersers
http://www.galapagosdesign.com/DPlease
http://www.fontbureau.comM.TTFN
http://www.fonts.com
http://www.sandoll.co.kr
http://www.sandoll.co.krrad
http://www.urwpp.deDPlease
http://www.urwpp.de
http://www.zhongyicts.com.cn
http://www.sakkal.com

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\sample2.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\nwama\nwama.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\nwama\nwama.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
Click to see the 7 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\nwama.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\1b4bluf2.tug.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Roaming\1b4bluf2.tug\Chrome\Default\Cookies	SQLite 3.x database, last written using SQLite version 3032001	#
C:\Users\user\AppData\Roaming\j0jrvzzu.5ob.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Roaming\j0jrvzzu.5ob\Chrome\Default\Cookies	SQLite 3.x database, last written using SQLite version 3032001	#
C:\Users\user\AppData\Roaming\y2nzgw3x.tiq.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Roaming\y2nzgw3x.tiq\Chrome\Default\Cookies	SQLite 3.x database, last written using SQLite version 3032001	#

sample2.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

sample2.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

sample2.exe