=

We are hiring! Windows Kernel Developer (Remote), apply here!

Bank TT slip.xlsx

Status: finished

Submission Time: 2022-05-13 16:56:05 +02:00

Malicious

Trojan

Adware

Exploiter

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
626166
API (Web) ID:
993675
Analysis Started:

2022-05-13 16:57:00 +02:00
Analysis Finished:

2022-05-13 17:06:07 +02:00
MD5:
2391e6aa319cba9248661674ac5f2105
SHA1:
bbdb700fd74488cc9f3f3e4d66de6b1321ee94b0
SHA256:
18fa3e8547f1b76b8a53b1169c4b3ed78f1a3efb77163e0698ae3b1faf7efb71
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports

				System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)		100/100
						7/35
						19/41

IPs

IP	Country	Detection
172.245.27.27	United States

Domains

Name	IP	Detection
api.telegram.org	149.154.167.220

URLs

Name	Detection
http://172.245.27.27/SOA.exe
Http://172.245.27.27/SOA.exeK
http://172.245.27.27/SOA.exeX
Click to see the 11 hidden entries
http://172.245.27.27/SOA.exehhC:
Http://172.245.27.27/SOA.exej
http://172.245.27.27/SOA.exeB
http://127.0.0.1:HTTP/1.1
http://DynDns.comDynDNS
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/
https://api.ipify.org%GETMozilla/5.0
http://bLHfhV.com
https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/sendDocumentdocument-----
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\SOA[1].exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\Desktop\~$Bank TT slip.xlsx	data	#
C:\Users\Public\vbc.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 15 hidden entries
C:\Windows\System32\drivers\etc\hosts	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\18D80E7.png	PNG image data, 139 x 180, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\194FA29.jpeg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3095CF2A.png	PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\317DF694.png	PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\63404123.png	PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A240C8.png	PNG image data, 139 x 180, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C1A95BC.jpeg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D45E828D.png	PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DE3E0A16.png	PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FD51471F.png	PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Temp\~DF7445FC000D331A6E.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFBAFAEA404D417564.TMP	CDFV2 Encrypted	#
C:\Users\user\AppData\Local\Temp\~DFC691B0AA0E02487B.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFDAC05FDF80BA3ECF.TMP	data	#