Joe Sandbox version: 33.0.0 White Diamond
IR
Analysis ID: 451828
Product: CloudBasic
Start time: 12:10:46
Start date: 21/07/2021
Sample file name: SecuriteInfo.com.Variant.Graftor.981190.24096.exe
Cookbook: default.jbs
Analysis system: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform: WINDOWS
MD5: 19cac1ee3a6e5e9f83054616f5d5ce6f
SHA1: 5b7f16098760f887b0bdc5fee9223d022e0597fb
SHA256: 3709110cc04e0eaffe10bec5e8a5c82b858bee4195975e7bcd30c50b246f56c3
File type (TrID): Win32 Executable (generic) a (10002005/4) 99.15%
Verdict: malicious (true); remaining verdict flags (clean, suspicious, unknown): false, false, false
Score: 100 (range 0-100)
Confidence: 5 (range 0-5)
false
IOCs:
  Contacted IP: 133.130.104.18
  Domain: kinmirai.org -> 133.130.104.18 (flagged true in the report)
Signatures:
  C2 URLs / IPs found in malware configuration
  Contains functionality to detect hardware virtualization (CPUID execution measurement)
  Detected RDTSC dummy instruction sequence (likely for instruction hammering)
  Hides threads from debuggers
  Tries to detect Any.run
  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
  Tries to detect virtualization through RDTSC time measurements
  Found malware configuration
  GuLoader behavior detected
  Multi AV Scanner detection for submitted file
  Yara detected Generic Dropper
  Yara detected GuLoader
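The two timing-based evasion signatures above (CPUID execution measurement, RDTSC time measurements) both describe the same trick: CPUID is always intercepted by a hardware hypervisor, so timing it with RDTSC yields a much larger cycle count inside a VM than on bare metal. The block below is an added example written for this page, not code recovered from the sample or from Joe Sandbox; the sample count, the use of the median, and the ASSUMED_VM_THRESHOLD value are assumptions for illustration.

```c
/*
 * Added example (not code from the analysed sample): the RDTSC-timed CPUID
 * measurement that the "CPUID execution measurement" and "RDTSC time
 * measurements" evasion signatures refer to. CPUID is an unconditionally
 * intercepted instruction under hardware virtualization, so its cost in
 * TSC ticks is far higher inside a VM than on bare metal. The threshold
 * below is an assumption for illustration; real loaders tune it empirically.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <x86intrin.h>
#define CAN_MEASURE 1
#else
#define CAN_MEASURE 0
#endif

/* Whether this build can execute CPUID/RDTSC at all (x86 only). */
int measurement_supported(void) { return CAN_MEASURE; }

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Upper median of n values; sorts v in place. Returns 0 for n == 0. */
uint64_t median_u64(uint64_t *v, size_t n) {
    if (n == 0) return 0;
    qsort(v, n, sizeof *v, cmp_u64);
    return v[n / 2];
}

/* Time one CPUID (leaf 0) with RDTSC and return the elapsed TSC ticks.
 * Returns 0 on non-x86 builds, where the instructions do not exist. */
uint64_t time_one_cpuid(void) {
#if CAN_MEASURE
    unsigned int a, b, c, d;
    uint64_t t0 = __rdtsc();
    __get_cpuid(0, &a, &b, &c, &d);   /* trapped by the hypervisor in a VM */
    uint64_t t1 = __rdtsc();
    return t1 - t0;
#else
    return 0;
#endif
}

/* Take `samples` timings and return their median, which is robust against
 * an occasional interrupt or context switch inflating a single sample. */
uint64_t measure_cpuid_median_cycles(size_t samples) {
    uint64_t buf[4096];
    if (samples == 0 || samples > 4096) samples = 256;
    for (size_t i = 0; i < samples; i++) buf[i] = time_one_cpuid();
    return median_u64(buf, samples);
}

/* Decision rule used by this kind of check: above the threshold, assume a
 * hypervisor is intercepting CPUID. ASSUMED_VM_THRESHOLD is illustrative. */
#define ASSUMED_VM_THRESHOLD 1000u
int looks_virtualized(uint64_t median_cycles, uint64_t threshold) {
    return median_cycles > threshold;
}

int main(void) {
    if (!measurement_supported()) {
        puts("not an x86 build; nothing to measure");
        return 0;
    }
    uint64_t med = measure_cpuid_median_cycles(256);
    printf("median CPUID cost: %llu TSC ticks -> %s\n",
           (unsigned long long)med,
           looks_virtualized(med, ASSUMED_VM_THRESHOLD) ? "likely virtualized"
                                                        : "likely bare metal");
    return 0;
}
```

Running this on a hypervisor versus a physical host shows why sandboxes flag the pattern: the median jumps by an order of magnitude or more under virtualization, and a loader that sees that jump simply exits before unpacking its payload. Analysts who need the sample to detonate run it on bare metal or in an environment that offsets the TSC, which is also why the RDTSC "dummy instruction sequence" signature is worth treating as an evasion indicator rather than noise.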