=
Joe Sandbox Cloud Basic
Register Login
sloganpng
We are hiring! Windows Kernel Developer (Remote), apply here!
flash

RFQ_GGMC-Ref 12-01-2022.exe

Status: finished
Submission Time: 2022-01-12 08:58:19 +01:00
Malicious
Trojan
Evader
AgentTesla AsyncRAT Nanocore

Comments

Tags

  • AsyncRAT
  • exe

Details

  • Analysis ID:
    551470
  • API (Web) ID:
    918993
  • Analysis Started:
    2022-01-12 09:01:01 +01:00
  • Analysis Finished:
    2022-01-12 09:16:28 +01:00
  • MD5:
    9fd45110bad75cda6de67232014aeb6e
  • SHA1:
    a43016fa816afd1693fb7f266dd032fd7f061c35
  • SHA256:
    b586ca95ba9557f7ad2434d01f96ff191b77541670894df3b78aa3a8312ae092
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
18/68

IPs

IP Country Detection
89.238.150.43
 United Kingdom

URLs

Name Detection
http://www.fontbureau.com/designersG
http://igaeditor.sourceforge.net/wiki/
http://ati.amd.com/developer/compressonator.html
Click to see the 46 hidden entries
http://www.fontbureau.com/designers/?
https://sourceforge.net/project/showfiles.php?group_id=181663Mhttp://igaeditor.sourceforge.net/wiki/
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers?
http://www.radgametools.com/bnkdown.htm
http://developer.nvidia.com/object/dds_thumbnail_viewer.html
http://micolous.id.au/projects/bf21
http://www.tiro.com
http://www.fontbureau.com/designers
http://www.goodfont.co.kr
http://www.gimp.org/windows/
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
http://www.totalbf2142.com/forums/showthread.php?t=5342
https://sourceforge.net/svn/?group_id=181663
http://www.galapagosdesign.com/DPlease
http://micolous.id.au/projects/bf2142/.
http://www.fonts.com
http://www.sandoll.co.kr
http://www.urwpp.deDPlease
http://www.zhongyicts.com.cn
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.sakkal.com
http://micolous.id.au
http://micolous.id.au/projects/bf2142/
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://igaeditor.sourceforge.net/
http://igaeditor.sourceforge.net/latest.txt
http://igaeJZ.so
http://www.pcgamingboards.com/smf/index.php?topic=129.msg279#msg279
http://igaeditor.sourceforge.net/ohttp://www.totalbf2142.com/forums/showthread.php?t=5342
http://www.carterandcone.coml
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-jones.html
http://registry.gimp.org/plugin?id=4816
http://www.jiyu-kobo.co.jp/
https://sourceforge.net/project/showfiles.php?group_id=181663
http://www.fontbureau.com/designers8
http://developer.nvidia.com/object/photoshop_dds_plugins.html
http://developer.nvidia.com/object/photoshop_dds_plugins.htmlyhttp://developer.nvidia.com/object/dds
http://micolous.id.au/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RFQ_GGMC-Ref 12-01-2022.exe.log
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\mozille.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\tmp71CD.tmp
 XML 1.0 document, ASCII text
 #
Click to see the 13 hidden entries
C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mozille.exe.log
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
 data
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2x3ucvgo.4eb.ps1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cfrruvyb.luy.psm1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_svjneimu.gkz.ps1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wqgzyu5l.f34.psm1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\tmpB8D1.tmp.bat
 DOS batch file, ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\tmpCDE7.tmp
 XML 1.0 document, ASCII text
 #
C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe:Zone.Identifier
 ASCII text, with CRLF line terminators
 #
C:\Users\user\Documents\20220112\PowerShell_transcript.138727.F_iUYR88.20220112090240.txt
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\Documents\20220112\PowerShell_transcript.138727.fhx+G1tL.20220112090212.txt
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
\Device\Null
 ASCII text, with CRLF line terminators, with overstriking
 #