Register Login

sloganpng

top title background image

SWIFT COPY.pdf.exe

Status: finished

Submission Time: 2021-05-12 19:43:03 +02:00

Malicious

Trojan

Spyware

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
412589
API (Web) ID:
780189
Analysis Started:

2021-05-12 19:53:31 +02:00
Analysis Finished:

2021-05-12 20:03:09 +02:00
MD5:
d01daeb6c9af5256a25dffe76a448f04
SHA1:
50aab2959bbc6d9e31eb477e6602ffbcb64343ce
SHA256:
490ae1eb1637910af1a69c6317ef81a47518b809f5b6da4b8f66d72582e25b9b
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 19/70

malicious

Score: 13/47

IPs

IP	Country	Detection
192.185.171.219	United States

Domains

Name	IP	Detection
mail.esquiresweaters.com	192.185.171.219

URLs

Name	Detection
http://127.0.0.1:HTTP/1.1
https://api.ipify.org%GETMozilla/5.0
http://DynDns.comDynDNS
Click to see the 6 hidden entries
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
http://hcVzVgyZjXO8egOI.net
https://api.ipify.org%
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
http://hsfZEB.com

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\SWIFT COPY.pdf.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmp15D1.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\bSlxGzdE.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Roaming\bSlxGzdE.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#