33.0.0 White Diamond
IR
1644
CloudBasic
16:15:26
13/10/2021
FACTURA.exe
default.jbs
Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
WINDOWS
d9b54bd175163eae11715a5b89b32aba
8a926c701db271e1f2edfec8890a865248e52d24
3e123fbdc89e8c9c59a0c5a3a1c2d8fda13f5d8551da654bef2f17f34f578075
Win32 Executable (generic) a (10002005/4) 99.15%
Hides threads from debuggers
Found malware configuration
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: RegAsm connects to smtp port
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected GuLoader
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)