Sandbox analysis report

Sandbox version:   33.0.0 White Diamond
Unlabeled field:   IR
Analysis ID:       502644
Product:           CloudBasic
Start time:        08:11:15, 14/10/2021
Sample file name:  TqSDHvsKpt.exe
Cookbook:          default.jbs
Analysis system:   Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform:          WINDOWS

Sample hashes and file type
MD5:     b063d4a9942d8b820ad62d2359d5263d
SHA1:    ed42b11ac340a8b742ce61c2559b0154bcd75740
SHA256:  25cb04e6ce30f98f9cad9aa1fab3682067d2fee08cc09fe7accf657b2df04a23
TrID:    Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Detection
Verdict flags (unlabeled in source, order preserved):  true, false, false, false
Score:                                                 100 (range 0-100)
Secondary score (unlabeled in source, likely confidence): 5 (range 0-5)
Trailing flag (unlabeled in source):                   false
Dropped and modified files
Each record: path, unlabeled flag as given in the source, MD5, SHA1, SHA256.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_TqSDHvsKpt.exe_64f1c96cf9a7864d28f56ccad3f29a16bcf50b5_5cfa26da_122e9ca4\Report.wer
  flag:    true
  MD5:     9AD1D9E5F43EE26D33A57241671EC0CF
  SHA1:    325ABA4C0FE509B82AAD6D97C6F6C4C78A22016B
  SHA256:  39D86AE81F51944B4A3FBF85ABFDCBF503B7F106AD692AEF6E1D2C2C24CDBA2D

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3EF.tmp.WERInternalMetadata.xml
  flag:    false
  MD5:     8A08FDCC4E57BD7E7866BB0BCB98EE51
  SHA1:    93195BC6D55AB1366EDF2A31815425E4ED02D6CD
  SHA256:  B636CAD1B89A5256B8FC1DE561897971936F6569754CB5CCE5DDC1CDD05730CE

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6AF.tmp.xml
  flag:    false
  MD5:     C1B8D23322C8562CDB8F0C88274839F1
  SHA1:    13BC07542AC21FCD3F950B40C5BF3F0969457307
  SHA256:  1EF27525769720051768014F93C15BE32328E0E0E56F13DDE865794363C02306

C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB24.tmp.dmp
  flag:    false
  MD5:     BEDBB6B6D54D4875628B361846A0F4BF
  SHA1:    D6DA5B0911B4BF24D8B9AEBD3001DAA3EFA65123
  SHA256:  B89CA63C64C70A5871BE6D69BE60D55507CAADDF00B28D4B1CA374CBF6E26225

C:\Windows\appcompat\Programs\Amcache.hve
  flag:    false
  MD5:     BE910B4067CE965D5CC5824CC7F05CEA
  SHA1:    110BD305B966719C50881BB2966C1DED7AD71F8C
  SHA256:  75ECD4E05B0C7584AF0861D0AA2068A47A2B526270275B06B0EB66D9467E6C28

C:\Windows\appcompat\Programs\Amcache.hve.LOG1
  flag:    false
  MD5:     C22CFF4B9C313BF5FA30A7E098948389
  SHA1:    F0EA17BE3D6D60093A40BD457BD9C13F3EE094CD
  SHA256:  439FC907E1999E1DDC28A9BE38540037B5945441131E805A27FD5EE1B14D0CB6

Note: the first four paths are Windows Error Reporting artifacts, not files the sample wrote deliberately. An AppCrash_TqSDHvsKpt.exe entry under WER\ReportQueue means the sample process crashed on this system, and WERFB24.tmp.dmp is the minidump WER wrote alongside it; that dump is the artifact to pull for in-memory strings such as the malware configuration the signatures below report. Amcache.hve and its LOG1 are the application-compatibility cache and record that the binary executed. Hashes of these files are specific to this analysis run and are not useful as indicators for the sample itself.
Network
Contacted IPs:  192.168.2.1, 212.1.210.54, 162.159.129.233

Contacted domains (name, unlabeled flag as given in the source, resolved IP):
dpobumber.com        true   212.1.210.54
cdn.discordapp.com   false  162.159.129.233
mail.dpobumber.com   true   unknown

Note: 192.168.2.1 is a private RFC 1918 address belonging to the analysis environment and is not an indicator. 162.159.129.233 is the address cdn.discordapp.com resolved to during the run; it is shared CDN infrastructure that also serves legitimate traffic, and the report flags the domain false, so treat it as supporting evidence only. The actionable indicators are dpobumber.com, mail.dpobumber.com and 212.1.210.54; mail.dpobumber.com resolved to no address during the analysis.
Signatures
Hides threads from debuggers
Found malware configuration
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Multi AV Scanner detection for submitted file
Tries to harvest and steal ftp login credentials
Yara detected AgentTesla
Machine Learning detection for sample
Injects a PE file into a foreign process
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Note: a .NET executable with a YARA match on AgentTesla, credential harvesting from browsers, mail clients, FTP clients and PuTTY/WinSCP, WMI queries of Win32_Bios, Win32_BaseBoard and Win32_NetworkAdapter for virtual-machine detection, thread hiding from debuggers and PE injection into another process is the usual AgentTesla profile. The contact to mail.dpobumber.com fits the family's SMTP exfiltration channel, although this report records no resolved address for it.
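An IOC sweep built from the indicators in this report, added here as an example; it is not part of the report or of the sandbox's own output. It takes the sample hashes, the two flagged domains and 212.1.210.54 as high-fidelity indicators, treats cdn.discordapp.com and 162.159.129.233 as low-fidelity supporting evidence because they are shared CDN infrastructure, drops private addresses such as 192.168.2.1, and runs over a handful of constructed DNS and connection log lines. The log format, the hostnames WS01/WS02, the port numbers and the NXDOMAIN answer are assumptions, not from the report.

```python
"""IOC sweep for the TqSDHvsKpt.exe analysis above.

Added example: the indicators are copied from the report, the log lines are constructed.
"""
import ipaddress
import re

# Sample hashes from the report, keyed lowercase for case-insensitive lookup.
SAMPLE_HASHES = {
    "b063d4a9942d8b820ad62d2359d5263d": "md5",
    "ed42b11ac340a8b742ce61c2559b0154bcd75740": "sha1",
    "25cb04e6ce30f98f9cad9aa1fab3682067d2fee08cc09fe7accf657b2df04a23": "sha256",
}
# Domains the report flags true (longest first so the most specific one is reported)
# and the address dpobumber.com resolved to.
HIGH_FIDELITY_DOMAINS = ("mail.dpobumber.com", "dpobumber.com")
HIGH_FIDELITY_IPS = {"212.1.210.54"}
# Contacted as well, but shared CDN infrastructure: report only as supporting evidence.
LOW_FIDELITY = {
    "cdn.discordapp.com": "shared CDN domain, report flags it false",
    "162.159.129.233": "address cdn.discordapp.com resolved to, shared CDN",
}

HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def match_hash(value):
    """Return the algorithm of the report hash equal to `value` (case/whitespace tolerant), else None."""
    return SAMPLE_HASHES.get(value.strip().lower())


def domain_hit(host):
    """Return the flagged domain that `host` equals or is a subdomain of, else None.

    Suffix matching is anchored on a dot, so notdpobumber.com does not match dpobumber.com.
    """
    h = host.lower().rstrip(".")
    for d in HIGH_FIDELITY_DOMAINS:
        if h == d or h.endswith("." + d):
            return d
    return None


def ip_hit(addr):
    """Return `addr` if it is a high-fidelity address; private ranges (e.g. 192.168.2.1) never match."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    if ip.is_private:
        return None
    return addr if addr in HIGH_FIDELITY_IPS else None


def sweep(lines):
    """Scan log lines; return (high, low) lists of (line_no, indicator, note)."""
    high, low = [], []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            if domain_hit(host):
                high.append((n, host, "domain flagged true in report"))
            elif host.lower() in LOW_FIDELITY:
                low.append((n, host, LOW_FIDELITY[host.lower()]))
        for addr in IP_RE.findall(line):
            if ip_hit(addr):
                high.append((n, addr, "resolved address of dpobumber.com"))
            elif addr in LOW_FIDELITY:
                low.append((n, addr, LOW_FIDELITY[addr]))
    return high, low


# Constructed log lines (assumed format and values, not from the report) to exercise the sweep.
SAMPLE_LOG = [
    "2021-10-14T08:12:01Z dns host=WS01 query=mail.dpobumber.com type=A answer=NXDOMAIN",
    "2021-10-14T08:12:02Z conn host=WS01 dst=212.1.210.54:587 proto=tcp bytes_out=4312",
    "2021-10-14T08:12:03Z conn host=WS01 dst=162.159.129.233:443 sni=cdn.discordapp.com",
    "2021-10-14T08:12:04Z conn host=WS01 dst=192.168.2.1:53 proto=udp",
    "2021-10-14T08:12:05Z dns host=WS02 query=notdpobumber.com type=A answer=10.0.0.5",
]

if __name__ == "__main__":
    high_hits, low_hits = sweep(SAMPLE_LOG)
    for n, ind, note in high_hits:
        print(f"HIGH line {n}: {ind} ({note})")
    for n, ind, note in low_hits:
        print(f"LOW  line {n}: {ind} ({note})")
```

On the constructed log the sweep returns two high-fidelity hits (the mail.dpobumber.com lookup and the connection to 212.1.210.54) and two low-fidelity ones from the CDN line; the gateway address and the look-alike domain notdpobumber.com produce nothing, which is the behaviour to check before pointing a sweep like this at production telemetry.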