Register Login

sloganpng

top title background image

shipping documents pdf,.exe

Status: finished

Submission Time: 2021-07-22 18:54:11 +02:00

Malicious

Trojan

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
452717
API (Web) ID:
820306
Analysis Started:

2021-07-22 18:54:12 +02:00
Analysis Finished:

2021-07-22 19:03:47 +02:00
MD5:
f0d2f3d209b220c52f1453c280574138
SHA1:
563ea7d4e0df7d834a498d662340d528d5dff3d1
SHA256:
16ca9330a520fa98fb78ba1fb3aef9e49ef6e0a9df70a696a239e9f4925d2714
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 7/46

URLs

Name	Detection
http://127.0.0.1:HTTP/1.1
http://dOXutE.com
https://api.ipify.org%GETMozilla/5.0
Click to see the 5 hidden entries
http://DynDns.comDynDNS
http://www.founder.com.cn/cn
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
https://api.ipify.org%
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\shipping documents pdf,.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpBA0E.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\GynJIbTtnNRSp.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Roaming\GynJIbTtnNRSp.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#