
Windows Analysis Report
MT Marine Tiger.exe

Overview

General Information

Sample name: MT Marine Tiger.exe
Analysis ID: 1455418
MD5: 730e2e475c3e7bb87ca8e53f7f31cfdf
SHA1: dc2b601e25719862f02be67becc9e499ad97d5ab
SHA256: faebc09f47203bbe599ac368f12622f38255e957d1435e6763c80bf2ebd988bf
Tags: exe SnakeKeylogger

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code references suspicious native API functions
AI detected suspicious sample
Machine Learning detection for sample
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • MT Marine Tiger.exe (PID: 5968 cmdline: "C:\Users\user\Desktop\MT Marine Tiger.exe" MD5: 730E2E475C3E7BB87CA8E53F7F31CFDF)
    • MT Marine Tiger.exe (PID: 2584 cmdline: "C:\Users\user\Desktop\MT Marine Tiger.exe" MD5: 730E2E475C3E7BB87CA8E53F7F31CFDF)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Username": "rightlut@valleycountysar.org", "Password": "fY,FLoadtsiF", "Host": "valleycountysar.org", "Port": "26"}
Source | Rule | Description | Author | Strings
00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x14781:$a1: get_encryptedPassword
  • 0x14a77:$a2: get_encryptedUsername
  • 0x1458d:$a3: get_timePasswordChanged
  • 0x14688:$a4: get_passwordField
  • 0x14797:$a5: set_encryptedPassword
  • 0x15da1:$a7: get_logins
  • 0x15d04:$a10: KeyLoggerEventArgs
  • 0x1599d:$a11: KeyLoggerEventArgsEventHandler
00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen
  • 0x18128:$x1: $%SMTPDV$
  • 0x1818e:$x2: $#TheHashHere%&
  • 0x197b7:$x3: %FTPDV$
  • 0x198ab:$x4: $%TelegramDv$
  • 0x1599d:$x5: KeyLoggerEventArgs
  • 0x15d04:$x5: KeyLoggerEventArgs
  • 0x197db:$m2: Clipboard Logs ID
  • 0x199a7:$m2: Screenshot Logs ID
  • 0x19a73:$m2: keystroke Logs ID
  • 0x1997f:$m4: \SnakeKeylogger\
00000000.00000002.1255274619.0000000005480000.00000004.08000000.00040000.00000000.sdmp | MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen
  • 0x4aa6b:$x1: In$J$ct0r
Source | Rule | Description | Author | Strings
0.2.MT Marine Tiger.exe.5480000.5.raw.unpack | MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen
  • 0x4aa6b:$x1: In$J$ct0r
0.2.MT Marine Tiger.exe.5480000.5.unpack | MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen
  • 0x48c6b:$x1: In$J$ct0r
0.2.MT Marine Tiger.exe.3cc7b70.2.unpack | MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen
  • 0x48c6b:$x1: In$J$ct0r
2.2.MT Marine Tiger.exe.810000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
2.2.MT Marine Tiger.exe.810000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: MT Marine Tiger.exe | Avira: detected
Source: 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "rightlut@valleycountysar.org", "Password": "fY,FLoadtsiF", "Host": "valleycountysar.org", "Port": "26"}
Source: MT Marine Tiger.exe | ReversingLabs: Detection: 71%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: MT Marine Tiger.exe | Joe Sandbox ML: detected

Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49704 version: TLS 1.0
Source: MT Marine Tiger.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: MT Marine Tiger.exe, 00000000.00000002.1255521425.0000000005620000.00000004.08000000.00040000.00000000.sdmp, MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 00CCF0B5h | 2_2_00CCEEC8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 00CCFA3Fh | 2_2_00CCEEC8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 2_2_00CCE3E8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E48945h | 2_2_04E48608
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E47751h | 2_2_04E474A8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E40741h | 2_2_04E40498
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E40FF1h | 2_2_04E40D48
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E48001h | 2_2_04E47D58
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E46171h | 2_2_04E45EC8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E458C1h | 2_2_04E45618
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E46A21h | 2_2_04E46778
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E40B99h | 2_2_04E408F0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E402E9h | 2_2_04E40040
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E472FAh | 2_2_04E47050
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E48459h | 2_2_04E481B0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E45441h | 2_2_04E45198
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E47BA9h | 2_2_04E47900
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E45D19h | 2_2_04E45A70
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E46E79h | 2_2_04E46BD0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 2_2_04E433A8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 2_2_04E433B8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 4x nop then jmp 04E465C9h | 2_2_04E46320

Networking

Source: Yara match | File source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 132.226.8.169 132.226.8.169
Source: Joe Sandbox View | IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View | IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49704 version: TLS 1.0
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.91 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
Source: MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://103.130.147.85
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002908000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002908000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000028F5000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002946000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
Source: MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002920000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.org
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002908000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002946000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
Source: MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002908000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.91
Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029F2000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029A8000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.00000000029B6000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002946000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002997000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.91$
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713

System Summary

Source: 0.2.MT Marine Tiger.exe.5480000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.5480000.5.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector Author: ditekSHen
Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.2cca430.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.2cc7bf0.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects downloader injector Author: ditekSHen
Source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.1255274619.0000000005480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Detects downloader injector Author: ditekSHen
Source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 0_2_012DF6D0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 0_2_012DD3DC
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 0_2_012DF6C0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CCC1F0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CC6168
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CCB388
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CCC4D0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CC6790
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CCC7B1
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CC98B8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CC4B31
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CCBC32
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CCCDB1
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CCEEC8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CCE3D9
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CCE3E8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CC35C8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_00CCB552
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4A408
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4BD38
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4B6E8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4D670
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E48608
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4B0A0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4D028
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4C9D8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E411A0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4AA58
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4C388
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E48B58
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E474A8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E40488
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E47497
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E40498
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E44430
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E485F8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E40D48
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E47D48
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E47D58
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4BD30
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E40D39
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E45EC8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4B6D9
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E45EB8
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4D668
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E45609
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E45618
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E4676B
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E46778
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E43730
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E408E0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E408F0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E478F0
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E40040
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E47040
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E47050
Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 2_2_04E42807
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E400132_2_04E40013
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E428182_2_04E42818
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E4D0182_2_04E4D018
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E4C9C82_2_04E4C9C8
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E481A02_2_04E481A0
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E481B02_2_04E481B0
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E451982_2_04E45198
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E479002_2_04E47900
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E45A602_2_04E45A60
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E45A702_2_04E45A70
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E4AA482_2_04E4AA48
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E4A3F82_2_04E4A3F8
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E46BC12_2_04E46BC1
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E46BD02_2_04E46BD0
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E433A82_2_04E433A8
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E433B82_2_04E433B8
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E4C3782_2_04E4C378
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E463202_2_04E46320
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeCode function: 2_2_04E463112_2_04E46311
          Source: MT Marine Tiger.exe, 00000000.00000000.1246433837.0000000000912000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameAjlep.exe. vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameExample.dll0 vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe, 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe, 00000000.00000002.1255521425.0000000005620000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe, 00000000.00000002.1253206246.0000000000E6E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe, 00000000.00000002.1255274619.0000000005480000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameExample.dll0 vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMsftEdit.DLL.MUIj% vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: q,\\StringFileInfo\\080904B0\\OriginalFilename vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe, 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe, 00000002.00000002.3710187557.00000000005D7000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs MT Marine Tiger.exe
          Source: MT Marine Tiger.exe | Binary or memory string: OriginalFilenameAjlep.exe. vs MT Marine Tiger.exe
          Source: 0.2.MT Marine Tiger.exe.5480000.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
          Source: 0.2.MT Marine Tiger.exe.5480000.5.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
          Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
          Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.MT Marine Tiger.exe.2cca430.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
          Source: 0.2.MT Marine Tiger.exe.2cc7bf0.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
          Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
          Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
          Source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 00000000.00000002.1255274619.0000000005480000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
          Source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
          Source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
          Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, -B-.cs | Cryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, ---.cs | Cryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.MT Marine Tiger.exe.5480000.5.raw.unpack, DarkListView.cs | Cryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, DarkListView.cs | Cryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, -B-.cs | Cryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, ---.cs | Cryptographic APIs: 'TransformFinalBlock'
          Source: 0.2.MT Marine Tiger.exe.5480000.5.raw.unpack, DarkComboBox.cs | Base64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
          Source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, DarkComboBox.cs | Base64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
          Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/1@2/2
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MT Marine Tiger.exe.log
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Mutant created: NULL
          Source: MT Marine Tiger.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: MT Marine Tiger.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002A98000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3726309278.00000000038CF000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002ACD000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002A7A000.00000004.00000800.00020000.00000000.sdmp, MT Marine Tiger.exe, 00000002.00000002.3725046193.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: MT Marine Tiger.exe | ReversingLabs: Detection: 71%
          Source: unknown | Process created: C:\Users\user\Desktop\MT Marine Tiger.exe "C:\Users\user\Desktop\MT Marine Tiger.exe"
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Process created: C:\Users\user\Desktop\MT Marine Tiger.exe "C:\Users\user\Desktop\MT Marine Tiger.exe"
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: mscoree.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: version.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: amsi.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: userenv.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: dwrite.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: msftedit.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: mscoree.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: version.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: rasapi32.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: rasman.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: rtutils.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: mswsock.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: winhttp.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: dhcpcsvc6.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: dhcpcsvc.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: winnsi.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: secur32.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: schannel.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Section loaded: dpapi.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | File opened: C:\Windows\SysWOW64\MsftEdit.DLL
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
          Source: MT Marine Tiger.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: MT Marine Tiger.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: MT Marine Tiger.exe, 00000000.00000002.1255521425.0000000005620000.00000004.08000000.00040000.00000000.sdmp, MT Marine Tiger.exe, 00000000.00000002.1254296165.0000000002C71000.00000004.00000800.00020000.00000000.sdmp
          Source: MT Marine Tiger.exe | Static PE information: 0xD3BA803B [Sat Jul 25 14:24:59 2082 UTC]
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Code function: 0_2_05EFC41D push FFFFFF8Bh; iretd | 0_2_05EFC41F
          Source: MT Marine Tiger.exe | Static PE information: section name: .text entropy: 7.519921721445499
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\MT Marine Tiger.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: Yara match | File source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Memory allocated: 12C0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Memory allocated: 2C70000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Memory allocated: 4C70000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Memory allocated: CC0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Memory allocated: 2840000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Memory allocated: 2680000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 600000
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 599875
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 599766
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 599641
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 599516
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 599406
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 599297
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 599188
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 599063
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 598938
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 598817
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 598688
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 598578
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 598469
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 598360
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 598235
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 598110
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 597985
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 597860
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 597735
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 597610
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 597485
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 597360
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 597235
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 597113
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 596985
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 596860
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 596735
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 596610
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 596485
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 596360
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 596235
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 596110
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 595985
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 595860
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 595735
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 595610
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 595485
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 595360
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 595235
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 595110
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 594985
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 594860
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 594735
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 594610
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 594485
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 594360
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 594235
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 594110
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Thread delayed: delay time: 593985
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Window / User API: threadDelayed 1309
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Window / User API: threadDelayed 8510
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 6160 | Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -26747778906878833s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -600000s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7568 | Thread sleep count: 1309 > 30
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -599875s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -599766s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7568 | Thread sleep count: 8510 > 30
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -599641s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -599516s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -599406s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -599297s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -599188s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -599063s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -598938s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -598817s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -598688s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -598578s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -598469s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -598360s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -598235s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -598110s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -597985s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -597860s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -597735s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -597610s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -597485s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -597360s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -597235s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -597113s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -596985s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -596860s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -596735s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -596610s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -596485s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -596360s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -596235s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -596110s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -595985s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -595860s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -595735s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -595610s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -595485s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -595360s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -595235s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -595110s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -594985s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -594860s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -594735s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -594610s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -594485s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -594360s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -594235s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -594110s >= -30000s
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe TID: 7564 | Thread sleep time: -593985s >= -30000s
          Source: MT Marine Tiger.exe, 00000002.00000002.3711612625.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll a
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Process token adjusted: Debug
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: 0.2.MT Marine Tiger.exe.2cc7bf0.0.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs | Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
          Source: 0.2.MT Marine Tiger.exe.2cc7bf0.0.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs | Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
          Source: 0.2.MT Marine Tiger.exe.2cc7bf0.0.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs | Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Process created: C:\Users\user\Desktop\MT Marine Tiger.exe "C:\Users\user\Desktop\MT Marine Tiger.exe"
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Queries volume information: C:\Users\user\Desktop\MT Marine Tiger.exe VolumeInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Queries volume information: C:\Users\user\Desktop\MT Marine Tiger.exe VolumeInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match | File source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.3725046193.0000000002A08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
          Source: C:\Users\user\Desktop\MT Marine Tiger.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
          Source: Yara match | File source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match | File source: 2.2.MT Marine Tiger.exe.810000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d57610.3.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d77e40.4.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d77e40.4.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3d57610.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.MT Marine Tiger.exe.3cc7b70.2.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000002.00000002.3710301121.0000000000812000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.3725046193.0000000002A08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.1254671742.0000000003C79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.3725046193.0000000002841000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: MT Marine Tiger.exe PID: 5968, type: MEMORYSTR
          Source: Yara match | File source: Process Memory Space: MT Marine Tiger.exe PID: 2584, type: MEMORYSTR

          MITRE ATT&CK Matrix

          Techniques are listed per tactic in matrix order. The bracketed number is the report's match count for that technique; entries without a number are matrix cells this sample did not trigger.

          Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS, Network Trust Dependencies, Network Topology
          Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services, Serverless, Malvertising
          Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise, Exploit Public-Facing Application
          Execution: Native API [1], Scheduled Task/Job, At, Cron, Launchd, Scheduled Task, Systemd Timers, Container Orchestration Job, Command and Scripting Interpreter
          Persistence: DLL Side-Loading [1], Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job, At
          Privilege Escalation: Process Injection [11], DLL Side-Loading [1], Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job, At
          Defense Evasion: Masquerading [1], Disable or Modify Tools [1], Virtualization/Sandbox Evasion [31], Process Injection [11], Deobfuscate/Decode Files or Information [1], Obfuscated Files or Information [31], Software Packing [1], Timestomp [1], DLL Side-Loading [1]
          Credential Access: OS Credential Dumping [1], LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem, /etc/passwd and /etc/shadow
          Discovery: Security Software Discovery [1], Process Discovery [1], Virtualization/Sandbox Evasion [31], Application Window Discovery [1], System Network Configuration Discovery [1], System Information Discovery [13], Remote System Discovery, System Owner/User Discovery, Network Sniffing
          Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Cloud Services, Direct Cloud VM Connections
          Collection: Email Collection [1], Archive Collected Data [11], Data from Local System [1], Input Capture, Keylogging, GUI Input Capture, Web Portal Capture, Credential API Hooking, Data Staged
          Command and Control: Encrypted Channel [11], Ingress Tool Transfer [1], Non-Application Layer Protocol [2], Application Layer Protocol [13], Fallback Channels, Multiband Communication, Commonly Used Port, Application Layer Protocol, Web Protocols
          Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol, Exfiltration Over Symmetric Encrypted Non-C2 Protocol
          Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, Defacement, Internal Defacement
