33.0.0 White Diamond
IR
452458
CloudBasic
11:42:12
22/07/2021
JEPayKhzWa
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
f471bf615ef92f5ee73b48fe203373de
11f0b6de8d4baf8e039f6244438ebb05bc589923
d5608cba3115764a7758fa21c3e2f69724418dc48a8d0f5aaabe7efb71e2f28f
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\JEPayKhzWa.exe.log
true
F1C17EAE806A5E2FF57C1AA433C1873E
6AD58A6A412CF3620F39546F1C9E8353844EED42
7C73E26E04377B6D01B7579CD758F53CD7B99661529FCD1C9873EAAA5B8902E6
C:\Users\user\AppData\Local\Temp\tmp16D4.tmp
false
81DB1710BB13DA3343FC0DF9F00BE49F
9B1F17E936D28684FFDFA962340C8872512270BB
9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
C:\Users\user\AppData\Local\Temp\tmp16D5.tmp
false
81DB1710BB13DA3343FC0DF9F00BE49F
9B1F17E936D28684FFDFA962340C8872512270BB
9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
C:\Users\user\AppData\Local\Temp\tmp16D6.tmp
false
81DB1710BB13DA3343FC0DF9F00BE49F
9B1F17E936D28684FFDFA962340C8872512270BB
9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
C:\Users\user\AppData\Local\Temp\tmp1706.tmp
false
A7FE10DA330AD03BF22DC9AC76BBB3E4
1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
C:\Users\user\AppData\Local\Temp\tmp1707.tmp
false
A7FE10DA330AD03BF22DC9AC76BBB3E4
1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
C:\Users\user\AppData\Local\Temp\tmp2C38.tmp
false
CC0686FCDF6617729D1EDF30F49501F1
02D629848E3D467D8143B057F003E0D7448126CD
31E15305BC0579F03C51A1D6534B332F32C73ABC6D1B68BA0BDA6FCF97F593C9
C:\Users\user\AppData\Local\Temp\tmp2C39.tmp
false
2DB1C5AA015E3F413D41884AC02B89BC
4872ADF2EA66D90FC5B417E4698CFF3E9A247E7B
956C48539B32DB34EE3DAF968CC43EA462EE5622B66E3A7CB8705762EB0662F1
C:\Users\user\AppData\Local\Temp\tmp47EC.tmp
false
72A43D390E478BA9664F03951692D109
482FE43725D7A1614F6E24429E455CD0A920DF7C
593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
C:\Users\user\AppData\Local\Temp\tmp47ED.tmp
false
72A43D390E478BA9664F03951692D109
482FE43725D7A1614F6E24429E455CD0A920DF7C
593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
C:\Users\user\AppData\Local\Temp\tmp47EE.tmp
false
72A43D390E478BA9664F03951692D109
482FE43725D7A1614F6E24429E455CD0A920DF7C
593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
C:\Users\user\AppData\Local\Temp\tmp6413.tmp
false
CC0686FCDF6617729D1EDF30F49501F1
02D629848E3D467D8143B057F003E0D7448126CD
31E15305BC0579F03C51A1D6534B332F32C73ABC6D1B68BA0BDA6FCF97F593C9
C:\Users\user\AppData\Local\Temp\tmp6414.tmp
false
2DB1C5AA015E3F413D41884AC02B89BC
4872ADF2EA66D90FC5B417E4698CFF3E9A247E7B
956C48539B32DB34EE3DAF968CC43EA462EE5622B66E3A7CB8705762EB0662F1
C:\Users\user\AppData\Local\Temp\tmp77F7.tmp
false
72A43D390E478BA9664F03951692D109
482FE43725D7A1614F6E24429E455CD0A920DF7C
593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
C:\Users\user\AppData\Local\Temp\tmp7808.tmp
false
72A43D390E478BA9664F03951692D109
482FE43725D7A1614F6E24429E455CD0A920DF7C
593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
C:\Users\user\AppData\Local\Temp\tmp7809.tmp
false
72A43D390E478BA9664F03951692D109
482FE43725D7A1614F6E24429E455CD0A920DF7C
593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
C:\Users\user\AppData\Local\Temp\tmp780A.tmp
false
72A43D390E478BA9664F03951692D109
482FE43725D7A1614F6E24429E455CD0A920DF7C
593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
C:\Users\user\AppData\Local\Temp\tmp784A.tmp
false
72A43D390E478BA9664F03951692D109
482FE43725D7A1614F6E24429E455CD0A920DF7C
593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
C:\Users\user\AppData\Local\Temp\tmp784B.tmp
false
72A43D390E478BA9664F03951692D109
482FE43725D7A1614F6E24429E455CD0A920DF7C
593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
C:\Users\user\AppData\Local\Temp\tmp784C.tmp
false
72A43D390E478BA9664F03951692D109
482FE43725D7A1614F6E24429E455CD0A920DF7C
593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
C:\Users\user\AppData\Local\Temp\tmpA7E8.tmp
false
72A43D390E478BA9664F03951692D109
482FE43725D7A1614F6E24429E455CD0A920DF7C
593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
C:\Users\user\AppData\Local\Temp\tmpA7E9.tmp
false
72A43D390E478BA9664F03951692D109
482FE43725D7A1614F6E24429E455CD0A920DF7C
593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
C:\Users\user\AppData\Local\Temp\tmpB316.tmp
false
81DB1710BB13DA3343FC0DF9F00BE49F
9B1F17E936D28684FFDFA962340C8872512270BB
9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
C:\Users\user\AppData\Local\Temp\tmpE571.tmp
false
81DB1710BB13DA3343FC0DF9F00BE49F
9B1F17E936D28684FFDFA962340C8872512270BB
9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
C:\Users\user\AppData\Local\Temp\tmpE5D0.tmp
false
81DB1710BB13DA3343FC0DF9F00BE49F
9B1F17E936D28684FFDFA962340C8872512270BB
9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
45.139.184.124
kurinogti.info
true
45.139.184.124
api.ip.sb
false
unknown
.NET source code contains very large strings
Injects a PE file into a foreign process
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected RedLine Stealer
Yara detected RedLine Stealer