=

FACTURAS.exe

Status: finished

Submission Time: 14.12.2021 09:37:47

Malicious

Trojan

Spyware

Evader

AgentTesla GuLoader

Comments

Tags

Details

Analysis ID:
539419
API (Web) ID:
906942
Analysis Started:

14.12.2021 09:38:19
Analysis Finished:

14.12.2021 10:01:58
MD5:
2332fdde9344114749db5496eef5f5f9
SHA1:
303c40dd112294dc012836be48eb38e8af056432
SHA256:
0e693b9dcb4ccb3e64cb61396447dd4e3871234b4af80c2d57e4fbc9b6268a61
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports
				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211		68/100
				System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 Run Condition: Suspected Instruction Hammering		100/100
						27/66
						13/34
						26/45

IPs

IP	Country	Detection
116.202.203.61	Germany
142.250.181.238	United States
142.250.186.33	United States

Domains

Name	IP	Detection
furteksdokuma.com.tr	116.202.203.61
mail.furteksdokuma.com.tr	0.0.0.0
drive.google.com	142.250.181.238
Click to see the 2 hidden entries
googlehosted.l.googleusercontent.com	142.250.186.33
doc-0g-7s-docs.googleusercontent.com	0.0.0.0

URLs

Name	Detection
https://doc-0g-7s-docs.googleusercontent.com/
http://127.0.0.1:HTTP/1.1
https://NlNlzv83nsnyVe.org
Click to see the 12 hidden entries
http://DynDns.comDynDNS
https://doc-0g-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gp8euu0g
https://sectigo.com/CPS0
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
https://drive.google.com/
https://support.google.com/chrome/?p=plugin_flash
http://furteksdokuma.com.tr
http://mail.furteksdokuma.com.tr
https://doc-0g-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gp8euu0gtvc992oi1h8j40de9a23dlvb/1639471800000/01707528263340534167/*/1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T?e=download
http://kFWRbv.com
https://NlNlzv83nsnyVe.orgt-
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\M9XgMRXaN30mgEl56ja236	data	#
C:\Users\user\AppData\Local\Temp\~DF03314C855DEECA48.TMP	Composite Document File V2 Document, Cannot read section info	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#