
99feb78a_by_Libranalysis.xlsx

Status: finished
Submission Time: 2021-05-13 03:18:24 +02:00
Malicious
Trojan
Spyware
Exploiter
Evader
AgentTesla

Details

  • Analysis ID: 412910
  • API (Web) ID: 780517
  • Analysis Started: 2021-05-13 03:21:11 +02:00
  • Analysis Finished: 2021-05-13 03:34:24 +02:00
  • MD5: 99feb78ab55c66b871d8998b20528b61
  • SHA1: 1c96f08e92401f2396ad0b074ca55049a773e4e0
  • SHA256: 5f4e4fbde7ed003dc34954ee301977f697de1cd2d52beafd898023797ab47255

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious
Score: 25/64
malicious
Score: 23/47

IPs

IP                 Country                Detection
162.241.85.66      United States
185.239.243.112    Moldova Republic of

Domains

Name                      IP                 Detection
carbinz.gq                185.239.243.112
mail.orienttech.com.qa    162.241.85.66

URLs


Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\joewealthx[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\Nwefile\Nwefile.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\joewealth28743.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\~$99feb78a_by_Libranalysis.xlsx
data