32.0.0 Black Diamond
IR
404206
CloudBasic
19:54:48
04/05/2021
1g1NLI6i33.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
d0a8c2403c51ea96d820dcd443f1aaab
825a057b9218a956a632bdd563056be37bfc0c10
0c397ebc470f59440b6a317a88a2592c0b05057cea1ff2f31b9fdde549971aee
Win32 Executable (generic) a (10002005/4) 99.96%
.NET source code contains very large array initializations
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Moves itself to temp directory
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal PuTTY / WinSCP information (sessions, passwords, etc.)
Tries to harvest and steal browser information (history, passwords, etc.)
Tries to harvest and steal FTP login credentials
Tries to steal Mail credentials (via file access)
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla