
Bank TT slip.xlsx

Status: finished
Submission Time: 2022-05-13 16:56:05 +02:00
Verdict: Malicious
Classification: Trojan, Adware, Exploiter, Evader, AgentTesla

Details

  • Analysis ID:
    626166
  • API (Web) ID:
    993675
  • Analysis Started:
    2022-05-13 16:57:00 +02:00
  • Analysis Finished:
    2022-05-13 17:06:07 +02:00
  • MD5:
    2391e6aa319cba9248661674ac5f2105
  • SHA1:
    bbdb700fd74488cc9f3f3e4d66de6b1321ee94b0
  • SHA256:
    18fa3e8547f1b76b8a53b1169c4b3ed78f1a3efb77163e0698ae3b1faf7efb71

Verdict and scores

  • malicious
    System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
  • malicious, 100/100
  • malicious, 7/35
  • malicious, 19/41
  • malicious

IPs (IP, Country)

  • 172.245.27.27 (United States)

Domains (Name, IP)

  • api.telegram.org (149.154.167.220)

URLs

  • http://172.245.27.27/SOA.exe
  • Http://172.245.27.27/SOA.exeK
  • http://172.245.27.27/SOA.exeX
  • http://172.245.27.27/SOA.exehhC:
  • Http://172.245.27.27/SOA.exej
  • http://172.245.27.27/SOA.exeB
  • http://127.0.0.1:HTTP/1.1
  • http://DynDns.comDynDNS
  • https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
  • https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/
  • https://api.ipify.org%GETMozilla/5.0
  • http://bLHfhV.com
  • https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/sendDocumentdocument-----
  • https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip

Dropped files (Name, File Type)

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\SOA[1].exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\Desktop\~$Bank TT slip.xlsx
    data
  • C:\Users\Public\vbc.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Windows\System32\drivers\etc\hosts
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\18D80E7.png
    PNG image data, 139 x 180, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\194FA29.jpeg
    JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3095CF2A.png
    PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\317DF694.png
    PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\63404123.png
    PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A240C8.png
    PNG image data, 139 x 180, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C1A95BC.jpeg
    JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D45E828D.png
    PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DE3E0A16.png
    PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FD51471F.png
    PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Temp\~DF7445FC000D331A6E.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DFBAFAEA404D417564.TMP
    CDFV2 Encrypted
  • C:\Users\user\AppData\Local\Temp\~DFC691B0AA0E02487B.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DFDAC05FDF80BA3ECF.TMP
    data