Register Login

sloganpng

top title background image

FACTURA 3879843.xlsx

Status: finished

Submission Time: 2021-07-22 18:03:28 +02:00

Malicious

Trojan

Exploiter

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
452698
API (Web) ID:
820281
Analysis Started:

2021-07-22 18:17:10 +02:00
Analysis Finished:

2021-07-22 18:27:06 +02:00
MD5:
9ae3b1aa2c80f4e12e33569d7b5839df
SHA1:
8579f018a10f93cedbb73369fb8c7b66416d9846
SHA256:
82737660638921bf4d3e82bf4c059ec3cb0b61bd988365572bd4207b87ceb060
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report

malicious

Score: 18/60

malicious

Score: 13/46

IPs

IP	Country	Detection
198.12.91.148	United States

URLs

Name	Detection
http://198.12.91.148/oso.exe
http://pcLwYQ.com
http://127.0.0.1:HTTP/1.1
Click to see the 8 hidden entries
http://DynDns.comDynDNS
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://twitter.com/statuses/user_timeline.xml?screen_name=
http://www.day.com/dam/1.0
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
http://api.twitter.com/1/direct_messages.xml?since_id=

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\oso[1].exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\Desktop\~$FACTURA 3879843.xlsx	data	#
C:\Users\Public\vbc.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 10 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2A2F8885.emf	Windows Enhanced Metafile (EMF) image data version 0x10000	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\53902E5A.png	PNG image data, 816 x 552, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\593E6A20.jpeg	[TIFF image data, big-endian, direntries=4], baseline, precision 8, 654x513, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\69CBECC2.emf	Windows Enhanced Metafile (EMF) image data version 0x10000	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6F70F52E.png	PNG image data, 816 x 552, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9BEAC757.jpeg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B9C2427D.png	PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BEA251DB.jpeg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C39423A1.png	PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EDD7C96C.jpeg	[TIFF image data, big-endian, direntries=4], baseline, precision 8, 654x513, frames 3	#