TACSAL.xlsx

Status: finished
Submission Time: 2021-01-27 09:12:51 +01:00
Malicious
Trojan
Spyware
Exploiter
Evader
AgentTesla

Details

  • Analysis ID:
    344848
  • API (Web) ID:
    591612
  • Analysis Started:
    2021-01-27 09:14:23 +01:00
  • Analysis Finished:
    2021-01-27 09:22:54 +01:00
  • MD5:
    04295ba63eaeb18f062045b0d0106670
  • SHA1:
    daf3e6043fa67319bf7090cdc60bec6303c7f78e
  • SHA256:
    fbc7b775eaa32cdc8daffe7a3db74bc36e06bab32b53d5d65eceb76081f664cd

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Detection: malicious
Score: 19/60

IPs

IP              Country
208.91.198.143  United States
103.153.76.181  unknown
208.91.199.225  United States

Domains

Name                           IP
suresb1sndyintercont.dns.army  103.153.76.181
smtp.migeulez.com              0.0.0.0
us2.smtp.mailhostbox.com       208.91.199.225

URLs

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\Desktop\~$TACSAL.xlsx
    data
  • C:\Users\Public\vbc.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\188B1E12.jpeg
    gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9CCDB2EB.jpeg
    gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E243FB15.emf
    Windows Enhanced Metafile (EMF) image data version 0x10000
  • C:\Users\user\AppData\Roaming\x2nas2ex.vh2\Chrome\Default\Cookies
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Roaming\x2nas2ex.vh2\Firefox\Profiles\7xwghk55.default\cookies.sqlite
    SQLite 3.x database, user version 7, last written using SQLite version 3017000