
dd.exe

Status: finished
Submission Time: 2021-04-01 15:42:08 +02:00
Malicious
Ransomware
Trojan
Evader
AgentTesla GuLoader

Comments

Tags

Details

  • Analysis ID: 380091
  • API (Web) ID: 662313
  • Analysis Started: 2021-04-01 15:42:09 +02:00
  • Analysis Finished: 2021-04-01 15:52:55 +02:00
  • MD5: 287073f3d2c3100ba375b7bf0db3b0d9
  • SHA1: 8e09353697169cd3caaf49a008d53ade63b25526
  • SHA256: f32f7005937b4c94ff31996fde6a0843c05bfb47458ad29a15ddf3fb70c435d2
  • Technologies:

Engine      | Detection | Info
Joe Sandbox | malicious | Score: 100; System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP             | Country     | Detection
116.203.34.79  | Germany     |
185.81.0.109   | Italy       |
79.134.225.109 | Switzerland |

Domains

Name                 | IP            | Detection
sogecoenergy.com     | 116.203.34.79 |
mariotessarollo.com  | 185.81.0.109  |
www.sogecoenergy.com | 0.0.0.0       |

URLs


Dropped files

Name                                                                    | File Type                                          | Hashes | Detection
C:\Users\user\AppData\Local\Temp\ota.exe                                | PE32 executable (GUI) Intel 80386, for MS Windows  |        |
C:\Users\user\Afkodedes8\asparagussens.exe                              | PE32 executable (GUI) Intel 80386, for MS Windows  |        |
C:\Users\user\AppData\Local\Temp\Lageradministrationernes5\Hubey7.exe   | data                                               |        |