Joe Sandbox version: 31.0.0 Red Diamond
IR
Analysis ID: 321297
Joe Sandbox product: CloudBasic
Start time: 20:03:26
Start date: 20/11/2020
Sample file name: mcsrXx9lfD.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: 3d549885e44863c57f59eab47f2271cc
SHA1: 76c51be921ef41ff2596f3f882b91c8ede3713c7
SHA256: 1d9c8ee9be6e0ee20b600c71989292aa2efd0849611389e3121bae364d9d6adf
TrID: Win32 Executable (generic) a (10002005/4) 99.24%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Roaming\mmnabeka.1fc\Chrome\Default\Cookies
false
MD5: A7FE10DA330AD03BF22DC9AC76BBB3E4
SHA1: 1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
SHA256: 8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
54.235.83.248
208.91.199.225
elb097307-934924932.us-east-1.elb.amazonaws.com
false
54.235.83.248
us2.smtp.mailhostbox.com
false
208.91.199.225
smtp.tzdieep.net
true
unknown
api.ipify.org
false
unknown
Contains functionality to detect sleep reduction / modifications
Machine Learning detection for sample
Maps a DLL or memory area into another process
May check the online IP address of the machine
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AgentTesla
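The report above gives file hashes, contacted hosts and a list of behavioural signatures. The script below is an added triage example (not code from the report or from Joe Sandbox) that turns those into checks a responder can run against their own telemetry: hash matching against the report's MD5/SHA1/SHA256 values, matching DNS and connection events against the report's domains and IPs, and re-deriving several of the listed signatures (WMI BIOS/adapter queries, the api.ipify.org check, browser credential-store reads, PuTTY/WinSCP session reads, and SMTP exfiltration from a non-mail process) from Sysmon-style events. The event format (dicts with type/image/target/port), the per-signature regexes, the mail-client allowlist and the verdict thresholds are assumptions; the event streams are constructed for the demo and reuse the report's own paths and hosts.

```python
"""Triage helper for the AgentTesla report above.

Added example, not code from the report or from Joe Sandbox. The event
format (dicts with type/image/target/port) and the regexes mapping each
report signature to one observable are assumptions.
"""
import hashlib
import re

# Hashes from the report (submitted sample and the second file), lower-cased.
REPORT_HASHES = {
    "3d549885e44863c57f59eab47f2271cc",
    "76c51be921ef41ff2596f3f882b91c8ede3713c7",
    "1d9c8ee9be6e0ee20b600c71989292aa2efd0849611389e3121bae364d9d6adf",
    "a7fe10da330ad03bf22dc9ac76bbb3e4",
    "1805cb7a2208baeff71dcb3fe32db0cc935cf803",
    "8d6b84a96429b5c672838bf431a47ec59655e561ebfbb4e63b46351d10a7aad8",
}
REPORT_DOMAINS = {"us2.smtp.mailhostbox.com", "smtp.tzdieep.net", "api.ipify.org"}
REPORT_IPS = {"54.235.83.248", "208.91.199.225"}

# (signature name from the report, event type, regex on the event target).
RULES = [
    ("Queries sensitive BIOS Information", "wmi_query",
     re.compile(r"\bWin32_(Bios|BaseBoard)\b", re.I)),
    ("Queries sensitive network adapter information", "wmi_query",
     re.compile(r"\bWin32_NetworkAdapter\b", re.I)),
    ("May check the online IP address of the machine", "dns_query",
     re.compile(r"^api\.ipify\.org$", re.I)),
    ("Tries to harvest and steal browser information", "file_read",
     re.compile(r"\\(Login Data|Cookies|Web Data)$", re.I)),
    ("Tries to harvest and steal Putty / WinSCP information", "reg_read",
     re.compile(r"\\(SimonTatham\\PuTTY|Martin Prikryl\\WinSCP 2)\\Sessions", re.I)),
]
EXFIL_SIG = "SMTP connection from a non-mail-client process"
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # allowlist (assumption)


def check_hash(data: bytes) -> bool:
    """True if the blob's MD5, SHA1 or SHA256 is one of the report's hashes."""
    digests = {h(data).hexdigest() for h in (hashlib.md5, hashlib.sha1, hashlib.sha256)}
    return bool(digests & REPORT_HASHES)


def match_network_iocs(events):
    """Domains/IPs from the report that appear in DNS or connection events."""
    hits = set()
    for ev in events:
        target = ev["target"].lower()
        if ev["type"] == "dns_query" and target in REPORT_DOMAINS:
            hits.add(target)
        elif ev["type"] == "net_connect" and target in REPORT_IPS:
            hits.add(target)
    return hits


def fired_signatures(events):
    """Names of the report's signatures that the event stream reproduces."""
    fired = set()
    for ev in events:
        for name, etype, rx in RULES:
            if ev["type"] == etype and rx.search(ev["target"]):
                fired.add(name)
        # AgentTesla exfiltrates over SMTP: a direct SMTP connection from a
        # process that is not a mail client is the exfiltration indicator.
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        if (ev["type"] == "net_connect" and ev.get("port") in SMTP_PORTS
                and image not in MAIL_CLIENTS):
            fired.add(EXFIL_SIG)
    return fired


def verdict(events) -> str:
    """Credential harvesting plus SMTP exfil is the stealer pattern."""
    fired = fired_signatures(events)
    harvest = any(name.startswith("Tries to") for name in fired)
    if harvest and EXFIL_SIG in fired:
        return "likely AgentTesla-style stealer"
    if fired:
        return "suspicious"
    return "no stealer indicators"


# Constructed events mirroring the report's behaviour (not a real log).
SAMPLE = "mcsrXx9lfD.exe"
SAMPLE_EVENTS = [
    {"type": "wmi_query", "image": SAMPLE, "target": "SELECT * FROM Win32_BaseBoard"},
    {"type": "dns_query", "image": SAMPLE, "target": "api.ipify.org"},
    {"type": "file_read", "image": SAMPLE,
     "target": r"C:\Users\user\AppData\Roaming\mmnabeka.1fc\Chrome\Default\Cookies"},
    {"type": "dns_query", "image": SAMPLE, "target": "smtp.tzdieep.net"},
    {"type": "net_connect", "image": SAMPLE, "target": "208.91.199.225", "port": 587},
]
BENIGN_EVENTS = [
    {"type": "dns_query", "image": "chrome.exe", "target": "www.example.com"},
    {"type": "net_connect", "image": "OUTLOOK.EXE", "target": "10.0.0.5", "port": 587},
]

if __name__ == "__main__":
    print(sorted(fired_signatures(SAMPLE_EVENTS)), match_network_iocs(SAMPLE_EVENTS))
    print(verdict(SAMPLE_EVENTS), "/", verdict(BENIGN_EVENTS))
```

The hash check is exact-match only, so a repacked build of the same stealer will not hit it; the behavioural rules are what carry over between samples, which is why the verdict keys on the harvest-plus-SMTP combination rather than on any single indicator.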