flash

k6DAiaCGR7.exe

Status: finished
Submission Time: 10.06.2021 17:50:17
Malicious
Trojan
Evader
AgentTesla

Tags

  • exe

Details

  • Analysis ID:
    432730
  • API (Web) ID:
    800335
  • Analysis Started:
    10.06.2021 17:51:38
  • Analysis Finished:
    10.06.2021 18:03:14
  • MD5:
    821f46434e52277efb0826338c5db60c
  • SHA1:
    9ada012d5399d2b0b18db722a1aa3ed1b5759d56
  • SHA256:
    6b32b3f608d3e52a73bbb4aeac21eeb401b17edafc1b902344d897f059d55a52

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
22/46

URLs


Dropped files

Name and file type (the Hashes and Detection columns of the original table were empty):

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\k6DAiaCGR7.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpEEC9.tmp
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\QypERSEhl.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ab1f0fij.1mx.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iamy1fvf.se3.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pbikxylw.ybh.ps1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pil3vxv0.fqi.ps1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_spdfylzy.10z.ps1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ywthqgwv.4ra.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Roaming\QypERSEhl.exe:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\Documents\20210610\PowerShell_transcript.878411.FwsK9FxV.20210610175251.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\Documents\20210610\PowerShell_transcript.878411.dtHbzUvE.20210610175247.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\Documents\20210610\PowerShell_transcript.878411.m_JoOwci.20210610175242.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators