31.0.0 Emerald
IR
356849
CloudBasic
17:48:31
23/02/2021
SecuriteInfo.com.Trojan.GenericKD.36362611.3113.2129
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
9dc97eaed4e61901afc327ce9f122262
41881d3463f4246d4d0146faf39703354bab83e9
4412624d06991fa64f684fcc6d66c787d040eaa12356885cf0a0919c732c82a3
Win32 Executable (generic) a (10002005/4) 99.94%
Machine Learning detection for sample
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)