
detalle_transferencia_14-03-2025_4845655.js

Status: finished
Submission Time: 2025-03-15 09:13:30 +01:00
Malicious
Trojan
Spyware
Exploiter
Evader
AgentTesla

Comments

Tags

  • AgentTesla
  • js

Details

  • Analysis ID:
    1639315
  • API (Web) ID:
    1639315
  • Analysis Started:
    2025-03-15 09:31:17 +01:00
  • Analysis Finished:
    2025-03-15 09:38:06 +01:00
  • MD5:
    9b7e8e5efc06624785dc83b7fc655bb1
  • SHA1:
    6fe31f99931210cea2c1a813e18a9b077f1d7eae
  • SHA256:
    c7fab89a328f3940ab4cd1de2d13a3aafd950e57ec9260273443571e66a7b567
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 13/60
malicious
Score: 14/24
malicious

IPs

IP | Country | Detection
176.65.144.3 | Germany |
208.95.112.1 | United States |

Domains

Name | IP | Detection
ip-api.com | 208.95.112.1 |

URLs

Name | Detection
http://176.65.144.3/dev/money.ps1 |
http://176.65.144.3/dev/moneynew.exe |
http://ip-api.com/line/?fields=hosting |

Dropped files

Name | File Type | Hashes | Detection
C:\Temp\WTRTRWFSHS.ps1 | ASCII text, with very long lines (54005), with CRLF line terminators | |
C:\Users\user\AppData\Local\Temp\JXCJKXCJHKJHXCJHKXCXCJHK.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | |