
Sample: Dhl recent package delivery report needs attention.exe
Status: finished
Submission Time: 2022-05-14 15:09:31 +02:00
Labels: Malicious, Trojan, Spyware, Evader, AgentTesla

Tags

  • AgentTesla
  • DHL
  • exe
  • Telegram

Details

  • Analysis ID:
    626595
  • API (Web) ID:
    994102
  • Analysis Started:
    2022-05-14 15:09:37 +02:00
  • Analysis Finished:
    2022-05-14 15:20:21 +02:00
  • MD5:
    163d3bc2c523dc10c959474aa3f69d56
  • SHA1:
    5338e0aaea69b582d22ff624b4a9fd4efc9eb707
  • SHA256:
    1040411f26f6464fb485e92e74c08c559a6feb9bed0eadc44e831a08c80e8a01
Verdict: malicious

Info | Verdict | Score
System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 | malicious | 100/100
| malicious | 15/41

IPs

IP | Country | Detection
149.154.167.220 | United Kingdom |

Domains

Name | IP | Detection
api.telegram.org | 149.154.167.220 |

URLs

Name Detection
http://www.smartassembly.com/webservices/Reporting/UploadReport2v
http://127.0.0.1:HTTP/1.1
http://hEsAGj.com
https://api.telegram.org/bot5279095555:AAE4HwAzPbUle9whPqEu6faWeNRU-6BRHps/
https://dafa.fa
https://api.telegram.org4Hkp
https://api.telegram.org
http://www.smartassembly.com/webservices/Reporting/L
https://api.telegram.org/bot5279095555:AAE4HwAzPbUle9whPqEu6faWeNRU-6BRHps/sendDocument
http://www.smartassembly.com/webservices/Reporting/UploadReport2
https://api.telegram.org/bot5279095555:AAE4HwAzPbUle9whPqEu6faWeNRU-6BRHps/sendDocumentdocument-----
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www
http://DynDns.comDynDNSnamejidpasswordPsi/Psi
http://www.red-gate.com/products/dotnet-development/smartassembly/?utm_source=smartassemblyui&utm_me
https://uyuDgc6hArJiFp.org
http://api.telegram.org
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.smartassembly.com/webservices/UploadReportLogin/
http://www.smartassembly.com/webservices/UploadReportLogin/GetServerURL
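The Telegram URLs above are this sample's exfiltration channel: the `bot<id>:<secret>` path segment is the attacker's Bot API token, and sendDocument is the Bot API call that uploads a file, so the token identifies the specific operator's bot. That makes it a much sharper indicator than api.telegram.org or 149.154.167.220, which every legitimate Telegram client also contacts. The following is an added example, not part of the sandbox report, showing how to pull such tokens out of proxy logs or memory strings and separate upload calls from ordinary bot polling. The three log lines and the second token are constructed for the example; the known-method list, the `hunt` helper and the IOC grouping are assumptions of this example, not anything the report states.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators copied from the report above (this sample's hashes and its C2 endpoint).
IOC_HASHES = {
    "163d3bc2c523dc10c959474aa3f69d56",
    "5338e0aaea69b582d22ff624b4a9fd4efc9eb707",
    "1040411f26f6464fb485e92e74c08c559a6feb9bed0eadc44e831a08c80e8a01",
}
IOC_NETWORK = {"api.telegram.org", "149.154.167.220"}

# Telegram Bot API URL shape: https://api.telegram.org/bot<id>:<secret>/<method>
# A bot token is "<numeric id>:<35 chars of [A-Za-z0-9_-]>". Known method names are
# tried before the generic word so that concatenated memory strings such as
# ".../sendDocumentdocument-----" (see the URL list above) still yield "sendDocument".
KNOWN_METHODS = ("sendDocument", "sendMessage", "sendPhoto", "getUpdates", "getMe")
BOT_URL_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})"
    r"(?:/(?P<method>" + "|".join(KNOWN_METHODS) + r"|[A-Za-z]+))?"
)

# Bot API methods a stealer uses to push collected data out; polling methods such as
# getUpdates are what a legitimate bot client calls and are not exfiltration.
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}


@dataclass
class TelegramHit:
    line: str
    bot_id: str
    secret: str
    method: Optional[str]

    @property
    def is_exfil(self) -> bool:
        return self.method in EXFIL_METHODS

    @property
    def redacted_token(self) -> str:
        # Enough to correlate sightings across reports without re-publishing the secret.
        return f"{self.bot_id}:{self.secret[:4]}...{self.secret[-4:]}"


def find_telegram_bot_urls(lines: Iterable[str]) -> List[TelegramHit]:
    """Extract every Telegram Bot API URL (token + method) found in free-text lines."""
    hits: List[TelegramHit] = []
    for line in lines:
        for m in BOT_URL_RE.finditer(line):
            hits.append(TelegramHit(line.strip(), m["bot_id"], m["secret"], m["method"]))
    return hits


def match_known_iocs(lines: Iterable[str]) -> List[str]:
    """Return lines mentioning one of this report's hashes or network indicators."""
    needles = {n.lower() for n in IOC_HASHES | IOC_NETWORK}
    return [ln.strip() for ln in lines if any(n in ln.lower() for n in needles)]


def hunt(lines: Iterable[str]) -> dict:
    """One pass over log lines: exfil hits grouped by (redacted) bot token, plus IOC matches."""
    lines = list(lines)
    by_token: dict = {}
    for h in find_telegram_bot_urls(lines):
        if h.is_exfil:
            by_token.setdefault(h.redacted_token, []).append(h.line)
    return {"exfil_by_token": by_token, "ioc_lines": match_known_iocs(lines)}


# Constructed sample input (not from the report): three proxy-log lines. Line 1 is the
# sample's sendDocument call with the token from the URL list above; line 3 is a
# legitimate bot client polling getUpdates with a made-up token.
SAMPLE_PROXY_LOG = [
    '2022-05-14T13:12:01Z ws01 "Dhl recent package delivery report needs attention.exe" '
    "POST https://api.telegram.org/bot5279095555:AAE4HwAzPbUle9whPqEu6faWeNRU-6BRHps/sendDocument 200",
    "2022-05-14T13:12:03Z ws02 chrome.exe GET http://www.smartassembly.com/ 200",
    "2022-05-14T13:15:40Z ws03 bot-client.exe GET "
    "https://api.telegram.org/bot123456789:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghi/getUpdates 200",
]

if __name__ == "__main__":
    result = hunt(SAMPLE_PROXY_LOG)
    for token, where in result["exfil_by_token"].items():
        print(f"exfil via Telegram bot {token}:")
        for line in where:
            print("   ", line)
    print("host/IP IOC matches:", len(result["ioc_lines"]))
```

Run against the sample lines, only the sendDocument call is reported as exfiltration, while the getUpdates line is ignored even though it hits the same host; the host/IP IOC check, by contrast, flags both Telegram lines, which is why api.telegram.org and 149.154.167.220 should be treated as context rather than as a blocking indicator on their own.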

Dropped files

Name | File Type | Hashes | Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Dhl recent package delivery report needs attention.exe.log | ASCII text, with CRLF line terminators | |