34.0.0 Boulder Opal
IR
524274
CloudBasic
10:12:40
18/11/2021
Hpdyv8oO3j.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
dffaf08a25150b38c19210c180862aeb
a28b135b64a08d5ed30621aac5c3e955d4d090fb
8fdbfbf55033187c6a4d3cd7d42394cd56cbd3b5a9dc905e72aef2886172be36
Win32 Executable (generic) a (10002005/4) 99.94%
true
false
false
false
100
0
100
5
0
5
false
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_windows update.e_88669d6d392fdabab3f150c24b7e9ac915a06366_00000000_10d37750\Report.wer
false
5CE90DFC6068FC01BFAF7F151CF34B16
886CA7A3E79ECF401FAED7EF174A6591C06AE700
70A3B65501A1CC41F26C156B4154A0D735D4ED9A6225AA1FDF5EE688D667442C
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6493.tmp.WERInternalMetadata.xml
false
B42975E415A75C4CC8FA14FE1DC97DD1
A7584F6F58ECEA3D9F5BA379C927C1C4B8B5FB3F
2F88C278B6B57892FEDEF357323FAD2D980AA128CFEF95A5E43B1386A5E687F0
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6688.tmp.xml
false
8CA2F90D6BABEB2530A1B91B2B9FF6A6
0CD4F5CF2300A9B07862DC4ED5C11E41D5BAF876
7D828E529450D49F9B40BECE93A43007EEC440C228E77366A2CA9EB72FB7B377
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\RedLine.MainPanel-cracked.exe.log
true
CB9A918AA4F64DF8162B857C63195287
70E078D64F44CCB2BD89B106204E14D9E3B58894
104503FEB03BB8F7D338CDB64A0B2E2B608A966BDFE899142C9762B2D21F9260
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Keylogger.exe.log
true
5AD8E7ABEADADAC4CE06FF693476581A
81E42A97BBE3D7DE8B1E8B54C2B03C48594D761E
BAA1A28262BA27D51C3A1FA7FB0811AD1128297ABB2EDCCC785DC52667D2A6FD
C:\Users\user\AppData\Local\Temp\HOST.bat
false
ACE9684D1899236D68944B8FD65D1FB5
558A8B99483E4F0D8D2D0C6A509589901265881B
52DE0F6975F003E8F79F37F30BE69CB38F3679E23DAC8F0446625A76C14A8B19
C:\Users\user\AppData\Local\Temp\Keylogger.exe
true
C4E4A84909D8FF8DD222B8252365985D
6EEF0588DD038F5FF2A73C70ADD36C1659495322
14ADE1921A7BFE68DBFD21BFEB14BBEF6B89ED0DD15E9FBFA79A985EB42959F2
C:\Users\user\AppData\Local\Temp\RedLine.MainPanel-cracked.exe
true
098F7F40BACA320377ECA83FBF87F534
1C14C269465D850550EB7DC955E5CA5A0FA2CEC2
42B18977DAC9E72BBC4B9FA1A61085CD8A96CD99E59421196AA8AA0D8D4CF225
C:\Users\user\AppData\Local\Temp\SysInfo.txt
false
95FC50C7E40BB0D5EBD49FCBEE4E890D
E5086A9390CC8D6F512A206AB1AC4309A4CC4326
DC88107DF527833D0D8B7AC45D31AF0E5343AE36AB9725016B046CDD77E46EC7
C:\Users\user\AppData\Local\Temp\ViRuS.exe
true
D0F09063EA6922ACBFC734145FA48203
48253D06D8D053A4433B679E56270553D4F7FD66
71B96AF827245221A3D2AA884636F20BF41627DFC079A02D5DE58CD58C9A0111
C:\Users\user\AppData\Local\Temp\bhvB786.tmp
false
228AC2AB635442EBC4A1C3F2C2ACBB8C
75651BEDDE6473D1F40F4F287EB13A858862AF2C
9E3D696D433E10116BD7BC81039C13A4A496F5D38429745A5891EF46BDCFDC4F
C:\Users\user\AppData\Local\Temp\hhzclipper.exe
true
FC07BE5E90A1FFA22B22D3BC58A43E58
07BCA65E7754F4EA6093036D83549734AAB53758
7DE848E40DA073492C4F20587C4F53EC43CDFB3C199C6B76F58218D1E696DB1C
C:\Users\user\AppData\Local\Temp\holderwb.txt
false
F3B25701FE362EC84616A93A45CE9998
D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
C:\Users\user\AppData\Local\Temp\~DF48A538CB1AE66BD4.TMP
false
2C887583160B6B5FA4FA0C954A41E559
F947C07A74F208F6A18F187BE6ECF4F5666971CB
4BEB5B2C63DC903C9ADBE828F09E6D360B03B68A9622170B059068A769C74F8B
C:\Users\user\AppData\Local\Temp\~DFCABBFD68A244241F.TMP
false
2C887583160B6B5FA4FA0C954A41E559
F947C07A74F208F6A18F187BE6ECF4F5666971CB
4BEB5B2C63DC903C9ADBE828F09E6D360B03B68A9622170B059068A769C74F8B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\61bc7bd88d10e97264127fe545415b17.exe
true
098F7F40BACA320377ECA83FBF87F534
1C14C269465D850550EB7DC955E5CA5A0FA2CEC2
42B18977DAC9E72BBC4B9FA1A61085CD8A96CD99E59421196AA8AA0D8D4CF225
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
false
F50DBACEDA242CDA5A8F9AA8FE302153
D3301CC2B8BBEC48B549220214B557160C5953EA
E5CC4DA8E6EFAAC1CD3EF645A05FCF844D007CCDB14CF514AD8A1978BE16BDC1
C:\Users\user\AppData\Roaming\RedLine.exe
true
098F7F40BACA320377ECA83FBF87F534
1C14C269465D850550EB7DC955E5CA5A0FA2CEC2
42B18977DAC9E72BBC4B9FA1A61085CD8A96CD99E59421196AA8AA0D8D4CF225
C:\Users\user\AppData\Roaming\Windows Update.exe
true
C4E4A84909D8FF8DD222B8252365985D
6EEF0588DD038F5FF2A73C70ADD36C1659495322
14ADE1921A7BFE68DBFD21BFEB14BBEF6B89ED0DD15E9FBFA79A985EB42959F2
C:\Users\user\AppData\Roaming\WindowsUpdate.exe
true
C4E4A84909D8FF8DD222B8252365985D
6EEF0588DD038F5FF2A73C70ADD36C1659495322
14ADE1921A7BFE68DBFD21BFEB14BBEF6B89ED0DD15E9FBFA79A985EB42959F2
C:\Users\user\AppData\Roaming\pid.txt
false
81BC798A42A7CE40810BF523F24DEEE1
2EB42F6F5AA9B4FEE8A34200D60567A93CBC72CE
1CC4C660D80F3452841386109DEEAFFE554F4FD47A5409F614BD6C1B53C78C65
C:\Users\user\AppData\Roaming\pidloc.txt
false
6078085422A31D60FCEB24D4FA24B6E8
0CD056478F3D877B3D44C7B439485B1ACFD78F5A
9113E6728CEB1F460E3CEAB19852A31602CD77A92E7B861802FE339FD5CFD837
C:\Windows\SysWOW64\user32dll.exe
true
D0F09063EA6922ACBFC734145FA48203
48253D06D8D053A4433B679E56270553D4F7FD66
71B96AF827245221A3D2AA884636F20BF41627DFC079A02D5DE58CD58C9A0111
C:\Windows\appcompat\Programs\Amcache.hve
false
6F6341035C32C699CCB490E03BA51DA2
AB3534EB33DD4685111AFDEB644B8ACA5098DDA8
D44A0D22E8F8E5723BE787028A956EEFCC7BCCC5960B60FB9606097C2B1BEBDD
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
false
CE8E365BA34D14C0A14087AEB24CFCC4
58EE19555F73CCE80A027EC17DA6D9A4D16586E6
5AC5EC00FEF748A4078CBFD61991BBA6A688FA8E349BB8DB1731147E997B4C11
\Device\ConDrv
false
689E2126A85BF55121488295EE068FA1
09BAAA253A49D80C18326DFBCA106551EBF22DD6
D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
104.16.154.36
173.194.79.108
173.194.79.109
104.16.155.36
82.202.167.226
192.168.2.1
127.0.0.1
whatismyipaddress.com
false
104.16.155.36
smtp.gmail.com
false
173.194.79.109
231.58.0.0.in-addr.arpa
false
unknown
Creates multiple autostart registry keys
Uses netsh to modify the Windows network and firewall settings
Drops PE files to the startup folder
Yara detected MailPassView
Yara detected HawkEye Keylogger
Uses cmd line tools excessively to alter registry or file data
Machine Learning detection for sample
Allocates memory in foreign processes
May check the online IP address of the machine
.NET source code contains potential unpacker
Creates files with lurking names (e.g. Crack.exe)
Injects a PE file into a foreign process
Creates autostart registry keys with suspicious names
Antivirus detection for dropped file
Drops executables to the windows directory (C:\Windows) and starts them
Tries to harvest and steal browser information (history, passwords, etc)
Sample uses process hollowing technique
Installs a global keyboard hook
Writes to foreign memory regions
Multi AV Scanner detection for submitted file
.NET source code references suspicious native API functions
Malicious sample detected (through community Yara rule)
Contains functionality to log keystrokes (.Net Source)
Changes the view of files in windows explorer (hidden files and folders)
Yara detected Njrat
Antivirus / Scanner detection for submitted sample
Yara detected WebBrowserPassView password recovery tool
.NET source code contains very large strings
Machine Learning detection for dropped file
Detected HawkEye Rat
Modifies the windows firewall
Multi AV Scanner detection for dropped file