33.0.0 White Diamond
IR
451838
CloudBasic
12:11:10
21/07/2021
kw7HGENm1D.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
a854bd1a3ff6d359a5e2e76154892444
b8de8cb81adbb8cc5456a2100ffd3502548b0c2c
8fb35304f24a6348adbd96f2ece69cdc23aa2442cfe28ca910ee31b48fd43632
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
false
FEB350949251AC8F3E7783A2BDE88A51
82FE012F0CC9CF457701EC6DDE99AF73BD73B931
A32EA0E8DC38655BAC2BA4332C1A231D2B012CE638602F1826B220BA4D91CA61
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
true
26AA48EDF508A0DE24C4A8A90EC10DDD
62B2BB7EFED4F798F6665296A329CB61F3AA85E4
04C2D74AAAF3E89E878078F9B94E1CEDE00C5E12B30BF02A86C2A1172D694868
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bak
false
ACD3FB4310417DC77FE06F15B0E353E6
80E7002E655EB5765FDEB21114295CB96AD9D5EB
DC3AE604991C9BB8FF8BC4502AE3D0DB8A3317512C0F432490B103B89C1A4368
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin
false
BB0F9B9992809E733EFFF8B0E562CFD6
F0BAB3CF73A04F5A689E6AFC764FEE9276992742
C48F04FE7525AA3A3F9540889883F649726233DE021724823720A59B4F37CEAC
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat
false
543352056C5CB25E9BC2BDEAF2BBF9E2
2D1E2BA09C295FB6631F7EDCD3280894FE7D5125
11227762F426CC8FA6FF700328732AA87A44807AA7C65FA6D97FDB47917CF8F6
52.91.94.222
3.92.185.198
newhost.publicvm.com
false
52.91.94.222
backupnewhost.duckdns.org
true
3.92.185.198
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
Uses dynamic DNS services
Antivirus / Scanner detection for submitted sample
Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Nanocore RAT