31.0.0 Emerald
IR
382018
CloudBasic
18:57:04
05/04/2021
BnJvVt951o.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
ae03a6f8fb74d401b403647d28e21574
6ee320cedc77499f5df9ae9c93ef42c0d91f3ce8
1ad1ff05930f27ef4b349c7a612235d1632ef7ceaa1a17adf7c7b3a97b40ca4d
Win32 Executable (generic) a (10002005/4) 99.96%
true
false
false
false
96
0
100
5
0
5
false
Drops executables to the windows directory (C:\Windows) and starts them
Found evasive API chain (may stop execution after checking mutex)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for sample
Antivirus / Scanner detection for submitted sample
Detected Emotet e-Banking trojan
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Emotet