File name: | Request for Quotation AGP Global Group LLC No._219007290.rar |
Full analysis: | https://app.any.run/tasks/e109f8de-309d-47bb-b65b-61c733a2c7f3 |
Verdict: | Malicious activity |
Threats: | Agent Tesla is spyware that collects information about the actions of its victims by recording keystrokes and user interactions. It is falsely marketed as a legitimate software on the dedicated website where this malware is sold. |
Analysis date: | September 18, 2019, 17:37:48 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | EE435AE603E686373CD0ED990359A1C5 |
SHA1: | F293CEB8D75E38839E8D87E49860FE23951F8D64 |
SHA256: | DD46E00B91F5105FB8A296A41D7129A7742D9FF04EE1990FA3E9DA30EC6C96DB |
SSDEEP: | 24576:niF4t+1z4vkm70pwwh6F0/PbPrmspxiIPL2x7:iF4Ymvkm7AwAzLCIx76F |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3500 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Request for Quotation AGP Global Group LLC No._219007290.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3476 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3500.29430\Request for Quotation AGP Global Group LLC No. 219007290.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3500.29430\Request for Quotation AGP Global Group LLC No. 219007290.exe | WinRAR.exe | |
User: admin Integrity Level: MEDIUM | ||||
2660 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Request for Quotation AGP Global Group LLC No. 219007290.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft .NET Assembly Registration Utility Version: 4.7.3062.0 built by: NET472REL1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2660 | RegAsm.exe | C:\Users\admin\AppData\Roaming\vperriut.mcg.zip | — | |
MD5:— | SHA256:— | |||
2660 | RegAsm.exe | C:\Users\admin\AppData\Roaming\vperriut.mcg\Chrome\Default\Cookies | sqlite | |
MD5:DD9640AF5F03807CF2E3921CBA16AF0D | SHA256:ECF72C454FEF08C5948A565464839A554567E499F995483D6C8B54B32EA2C5F0 | |||
3500 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3500.29430\Request for Quotation AGP Global Group LLC No. 219007290.exe | executable | |
MD5:21F36AC47E1C78743CE7FD55DF9DB3F9 | SHA256:1F9835C8B503BE32E071CCE007EF18AFC555E290051369AC8F7BBC1F98A1D1BD | |||
2660 | RegAsm.exe | C:\Users\admin\AppData\Local\Temp\637044287153026250_a4edbdb8-2c7d-41e4-bb03-87afd8fc0fef.db | sqlite | |
MD5:0B3C43342CE2A99318AA0FE9E531C57B | SHA256:0CCB4915E00390685621DA3D75EBFD5EDADC94155A79C66415A7F4E9763D71B8 | |||
3476 | Request for Quotation AGP Global Group LLC No. 219007290.exe | C:\AppData\poqexec\igfxHK.bat | executable | |
MD5:3F73274C58D1D2D1B08FEDE2B1DA6631 | SHA256:9A75F12AF2939C9323B6508858505C9E8E6E74F632B91112C6B42701AD29C032 | |||
2660 | RegAsm.exe | C:\Users\admin\AppData\Roaming\vperriut.mcg\Firefox\Profiles\qldyz51w.default\cookies.sqlite | sqlite | |
MD5:7C426E0FC19063A433349CE713DA84A0 | SHA256:9925B2D80F8A85132EF4927979B25E0B9525E8317A71FFD844980B794B04234C | |||
3476 | Request for Quotation AGP Global Group LLC No. 219007290.exe | C:\Users\Public\njohrcjqxifqrgrajtlj.vbs | text | |
MD5:F48248FB205175ED6FBE9741DD43EDB2 | SHA256:F55CEB62D984098186F80168FB58C17EFED53AB6679B81B4B8AB40BF6DB6C3D0 | |||
2660 | RegAsm.exe | C:\Users\admin\AppData\Roaming\MyApp\MyApp.exe | executable | |
MD5:B58B926C3574D28D5B7FDD2CA3EC30D5 | SHA256:6E70B56D748C4CCAB13CC8A055D3795EA0DD95FE3B70568D7D3AC0C6621140A3 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2660 | RegAsm.exe | GET | 200 | 18.214.132.216:80 | http://checkip.amazonaws.com/ | US | text | 13 b | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2660 | RegAsm.exe | 18.214.132.216:80 | checkip.amazonaws.com | — | US | shared |
2660 | RegAsm.exe | 170.249.254.103:443 | www.goldenfuturepower5.com | Dallas Infrastructure Services, LLC | US | unknown |
Domain | IP | Reputation |
---|---|---|
www.goldenfuturepower5.com |
| suspicious |
checkip.amazonaws.com |
| shared |
PID | Process | Class | Message |
---|---|---|---|
2660 | RegAsm.exe | A Network Trojan was detected | MALWARE [PTsecurity] AgentTesla IP Check |