Joe Sandbox Version: 31.0.0 Emerald
IR
Analysis ID: 387666
Joe Sandbox Product: CloudBasic
Start time: 14:02:16
Start date: 15/04/2021
Sample file name: faktura_ODfk0021.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: b7b1644fce14205acecbe822df95749a
SHA1: 4cbfa9cf4b8dc27bf2b2a2463761092d5c2402e7
SHA256: f760c40ea4cca84e06c511f96c8d43525350e3f52c97c1baa30528d9c4fbcfec
File type: Win32 Executable (generic) a (10002005/4) 99.15%
true
false
false
false
100
0
100
5
0
5
false
172.217.23.33
googlehosted.l.googleusercontent.com
false
172.217.23.33
doc-0s-04-docs.googleusercontent.com
false
unknown
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Found malware configuration
Potential malicious icon found
Yara detected AgentTesla
Yara detected GuLoader
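The "Contains functionality to detect hardware virtualization (CPUID execution measurement)" and "Tries to detect virtualization through RDTSC time measurements" signatures above describe a well-known GuLoader evasion: read the CPUID hypervisor-present bit and vendor leaf, and time how long CPUID takes, since on a hypervisor the instruction forces a VM exit and costs thousands of cycles instead of a few hundred. The program below is an added illustration of that check, written for this page; it is not code recovered from the sample, and the cycle threshold, iteration count and helper names are assumptions. It compiles on any platform and runs the live measurement only on x86.

```c
/* Added example: CPUID / RDTSC hypervisor checks of the kind the report's
 * anti-VM signatures match. Not recovered from the sample; names, the
 * 1000-cycle threshold and the 1000-sample loop are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>      /* __cpuid macro (GCC/Clang) */
#include <x86intrin.h>  /* __rdtsc() */
#define HAVE_X86 1
#else
#define HAVE_X86 0
#endif

/* Assumed threshold: CPUID costs ~100-300 cycles on bare metal, but a VM exit
 * under most hypervisors pushes the average well above 1000. */
#define CYCLE_THRESHOLD 1000ULL

/* CPUID leaf 1 returns a "hypervisor present" flag in ECX bit 31; vendors
 * reserve it so hypervisors can advertise themselves. */
int hv_bit_from_ecx(uint32_t ecx) { return (ecx >> 31) & 1; }

/* CPUID leaf 0x40000000 returns a 12-byte vendor string in EBX:ECX:EDX
 * ("VMwareVMware", "KVMKVMKVM", "Microsoft Hv", "VBoxVBoxVBox"). Kept as a
 * pure function so it can be exercised with constructed register values;
 * on bare metal without a hypervisor the leaf returns unrelated data. */
void hv_vendor_from_regs(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    memcpy(out, &ebx, 4);
    memcpy(out + 4, &ecx, 4);
    memcpy(out + 8, &edx, 4);
    out[12] = '\0';
}

/* Convenience wrapper: 1 if the three registers spell `name`, else 0. */
int hv_vendor_is(uint32_t ebx, uint32_t ecx, uint32_t edx, const char *name) {
    char v[13];
    hv_vendor_from_regs(ebx, ecx, edx, v);
    return strcmp(v, name) == 0;
}

/* Timing verdict separated from the measurement so the decision logic is
 * deterministic: 1 when the average CPUID cost exceeds the threshold. */
int looks_virtualized(uint64_t avg_cycles, uint64_t threshold) {
    return avg_cycles > threshold;
}

/* Live measurement: RDTSC before and after CPUID, averaged over `iters`
 * samples. Returns 0 on non-x86 builds where the instructions do not exist. */
uint64_t avg_cpuid_cycles(unsigned iters) {
#if HAVE_X86
    uint64_t total = 0;
    for (unsigned i = 0; i < iters; i++) {
        unsigned a, b, c, d;
        uint64_t t0 = __rdtsc();
        __cpuid(0, a, b, c, d);   /* any leaf works; leaf 0 is cheap and always valid */
        uint64_t t1 = __rdtsc();
        (void)(a + b + c + d);
        total += t1 - t0;
    }
    return iters ? total / iters : 0;
#else
    (void)iters;
    return 0;
#endif
}

int main(void) {
    char vendor[13] = "";
    unsigned a = 0, b = 0, c = 0, d = 0;
    int hv_bit = 0;
#if HAVE_X86
    __cpuid(1, a, b, c, d);
    hv_bit = hv_bit_from_ecx(c);
    __cpuid(0x40000000, a, b, c, d);
    hv_vendor_from_regs(b, c, d, vendor);
#endif
    uint64_t avg = avg_cpuid_cycles(1000);
    printf("hypervisor bit: %d\nvendor leaf:    \"%s\"\navg CPUID cost: %llu cycles -> %s\n",
           hv_bit, vendor, (unsigned long long)avg,
           looks_virtualized(avg, CYCLE_THRESHOLD) ? "looks virtualized" : "looks bare metal");
    return 0;
}
```

Run it inside the analysis VM to see what the sample sees: a sandbox that hides the hypervisor bit and vendor leaf can still be caught by the timing path, which is why Joe Sandbox flags the RDTSC measurement separately from the CPUID bit check.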