33.0.0 White Diamond
IR
1380
CloudBasic
08:55:28
28/09/2021
FACTURA.exe
default.jbs
Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
WINDOWS
dbe61cfd43c95752f6dfbde236558782
71b7f9ea7778a67ffc75fa0f7d8a74dc243aae22
7194eca2c497f9ea9c3bb989fb7f328d9740b6d396af39ec66ec730c0db61044
Win32 Executable (generic) a (10002005/4) 99.15%
unknown
Hides threads from debuggers
Found malware configuration
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Multi AV Scanner detection for submitted file
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: RegAsm connects to smtp port
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected GuLoader
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)