Sandbox analysis report header (values as extracted; labels reconstructed only where the value makes them unambiguous)
Engine version:     33.0.0 White Diamond
Unlabelled field:   IR
Analysis ID:        509511
Product:            CloudBasic
Start time:         16:12:16
Start date:         26/10/2021 (26 October 2021)
Sample file name:   qQesBb5jg2.dll
Cookbook:           default.jbs
Analysis system:    Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform:           WINDOWS

Sample hashes
MD5:        b76097aaa0ca490e5eb6b5a2dd13c5bc
SHA1:       9920ece38424d7902ffb7c28ae1b5c0d33e19aa8
SHA256:     8f409a0d417462b342281b3f869a397ed4f5b8fd5841d140c8c57e7df39ff4b0
File type:  Win32 Dynamic Link Library (generic) (1002004/3) 99.60%

Detection
Verdict flags (order as extracted, labels not recoverable): true, false, false, false
Score:        80 (scale 0 to 100)
Confidence:   5 (scale 0 to 5)
Whitelisted:  false
IPs contacted during analysis
45.9.20.174
192.168.2.1 (RFC 1918 private address inside the analysis network, not an external host)
66.254.114.238
193.239.85.58
Domains (name, malicious flag, resolved IP)
redtube.com                  false   66.254.114.238
windowsupdate.s.llnwi.net    false   95.140.236.0
premiumweare.com             true    45.9.20.174
gloverunomai.com             true    193.239.85.58
microsoft.com.login          true    unknown
www.redtube.com              false   unknown

Note: microsoft.com.login is not a Microsoft host; the name only imitates microsoft.com, and no IP was resolved for it. The two flagged domains that did resolve point at 45.9.20.174 and 193.239.85.58, both of which also appear in the list of IPs contacted during the run, so those two addresses are the actionable network indicators from this report.
Triggered signatures
Found malware configuration
Writes or reads registry keys via WMI
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Writes registry values via WMI
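Added example, not part of the sandbox report: a Python script that turns the report's indicators (the three hashes, the domains flagged as malicious and the IPs they resolved to) into a blocklist, validates the hashes by length, and checks resolver log lines against the flagged domains on label boundaries, so a lookalike such as microsoft.com.login is caught while the real login.microsoft.com is not. Only the hashes, domains and IPs are taken from the report; the BIND-style "query: <name>" log format and the sample log lines are constructed for this example.

```python
import re

# IOC values below are copied from the report above; the DNS log lines further
# down are constructed for this example and are not from the report.
REPORT_HASHES = [
    "b76097aaa0ca490e5eb6b5a2dd13c5bc",
    "9920ece38424d7902ffb7c28ae1b5c0d33e19aa8",
    "8f409a0d417462b342281b3f869a397ed4f5b8fd5841d140c8c57e7df39ff4b0",
]

# (domain, malicious flag, resolved IP or None) as listed in the report
REPORT_DOMAINS = [
    ("redtube.com", False, "66.254.114.238"),
    ("windowsupdate.s.llnwi.net", False, "95.140.236.0"),
    ("premiumweare.com", True, "45.9.20.174"),
    ("gloverunomai.com", True, "193.239.85.58"),
    ("microsoft.com.login", True, None),
    ("www.redtube.com", False, None),
]

HASH_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_hash(digest):
    """Return 'md5', 'sha1' or 'sha256' from the digest length, or None if the
    string is not a hex digest of one of those sizes."""
    if not re.fullmatch(r"[0-9a-fA-F]+", digest):
        return None
    return HASH_ALGO_BY_LEN.get(len(digest))


def build_iocs(domains=REPORT_DOMAINS, hashes=REPORT_HASHES):
    """Keep only the domains the sandbox flagged, the IPs they resolved to, and
    well-formed hashes keyed by algorithm."""
    iocs = {"domains": set(), "ips": set(), "hashes": {}}
    for name, malicious, ip in domains:
        if not malicious:
            continue
        iocs["domains"].add(name.lower().rstrip("."))
        if ip:
            iocs["ips"].add(ip)
    for digest in hashes:
        algo = classify_hash(digest)
        if algo:
            iocs["hashes"][algo] = digest.lower()
    return iocs


def matches_domain(query, blocked):
    """True when query equals a blocked name or is a subdomain of one. The check
    respects label boundaries: 'login.microsoft.com' does not match the
    lookalike 'microsoft.com.login', and 'notgloverunomai.com' does not match
    'gloverunomai.com'."""
    q = query.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in blocked)


def scan_dns_log(lines, iocs):
    """Return (line_number, queried_name) for each query hitting a flagged
    domain. Lines are assumed to carry 'query: <name>' as a BIND-style resolver
    log does (assumption of this example)."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = re.search(r"query:\s*(\S+)", line)
        if m and matches_domain(m.group(1), iocs["domains"]):
            hits.append((number, m.group(1)))
    return hits


# Constructed sample resolver log; only lines 2 and 4 should be reported.
SAMPLE_DNS_LOG = [
    "26-Oct-2021 16:12:20 client 192.168.2.15#51234: query: www.redtube.com IN A",
    "26-Oct-2021 16:12:21 client 192.168.2.15#51235: query: premiumweare.com IN A",
    "26-Oct-2021 16:12:22 client 192.168.2.15#51236: query: login.microsoft.com IN A",
    "26-Oct-2021 16:12:23 client 192.168.2.15#51237: query: cdn.gloverunomai.com. IN A",
    "26-Oct-2021 16:12:24 client 192.168.2.15#51238: query: notgloverunomai.com IN A",
]

if __name__ == "__main__":
    iocs = build_iocs()
    print("blocked domains:", sorted(iocs["domains"]))
    print("C2 IPs:", sorted(iocs["ips"]))
    print("hashes:", iocs["hashes"])
    for number, name in scan_dns_log(SAMPLE_DNS_LOG, iocs):
        print(f"line {number}: query for flagged domain {name}")
```

The benign entries (redtube.com, www.redtube.com, windowsupdate.s.llnwi.net) are dropped on purpose: the sandbox contacted them during the run but did not flag them, and blocking a CDN or update host on the strength of a malware run would cause outages without stopping the C2 traffic.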