31.0.0 Red Diamond
IR
321142
CloudBasic
12:35:24
20/11/2020
fattura.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: ac16b512e9de9308fa69b78af1faed07
SHA1: 85eff7055833458712baa0facf48269317d38bff
SHA256: 2112f6c6abb4fe84e62fd5ff70f880413b3e54610535b1bd1e5d9ca64d6206f5
Win32 Executable (generic) Net Framework (10011505/4) 49.80%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fattura.exe.log
true
MD5: EE0BB4B63A030A0BF7087CB0AEBD07BC
SHA1: 9A4ADFB6336E22D49503B4B99FFC25A7882AE202
SHA256: 6CBBAF20B7871B931A8A0B1D54890DC0E6C9ED78E7DEC5E2AB2F6D12DF349DFF
162.222.226.70
greatdeck.co
true
162.222.226.70
mail.greatdeck.co
true
unknown
Installs a global keyboard hook
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: RegAsm connects to smtp port
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AgentTesla