33.0.0 White Diamond
IR
502670
CloudBasic
08:44:15
14/10/2021
vbc.exe_
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: a665b705b9381b33aaa9e307fe340af7
SHA1: a6fba4f009921b1de9d524047bcb7fa0e571a116
SHA256: dc07322ef1652695b5e85bfd5d6da8c5b6c311d26ff13eb18a390cd4b7232203
Win32 Executable (generic) Net Framework (10011505/4) 49.83%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BnevyAj.exe.log
false
MD5: 832D6A22CE7798D72609B9C21B4AF152
SHA1: B086DE927BFEE6039F5555CE53C397D1E59B4CA4
SHA256: 9E5EE72EF293C66406AF155572BF3B0CF9DA09CC1F60ED6524AAFD65553CE551

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vbc.exe.log
true
MD5: 832D6A22CE7798D72609B9C21B4AF152
SHA1: B086DE927BFEE6039F5555CE53C397D1E59B4CA4
SHA256: 9E5EE72EF293C66406AF155572BF3B0CF9DA09CC1F60ED6524AAFD65553CE551

C:\Users\user\AppData\Roaming\BnevyAj\BnevyAj.exe
true
MD5: A665B705B9381B33AAA9E307FE340AF7
SHA1: A6FBA4F009921B1DE9D524047BCB7FA0E571A116
SHA256: DC07322EF1652695B5E85BFD5D6DA8C5B6C311D26FF13EB18A390CD4B7232203

C:\Users\user\AppData\Roaming\BnevyAj\BnevyAj.exe:Zone.Identifier
true
MD5: 187F488E27DB4AF347237FE461A079AD
SHA1: 6693BA299EC1881249D59262276A0D2CB21F8E64
SHA256: 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
116.202.174.203
windowsupdate.s.llnwi.net
false

178.79.242.0
croatiahunt.com
true

116.202.174.203
mail.croatiahunt.com
true
unknown
Found malware configuration
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Multi AV Scanner detection for submitted file
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
Injects a PE file into a foreign process
.NET source code contains very large array initializations
Hides that the sample has been downloaded from the Internet (zone.identifier)
Multi AV Scanner detection for dropped file
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)