34.0.0 Boulder Opal
IR
528196
CloudBasic
20:58:20
24/11/2021
exe.exe
default.jbs
Windows 10 64 bit 20H2 Native physical machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
WINDOWS
MD5:    ccdf9de19a42d303579dfcc11f846bcb
SHA1:   413b2f4c1cc4f242d50bd95faa7ca85bcbcfbdef
SHA256: 0a2a2c18fa708a33573b788860a4911e6d6d6fd3ddf8cacdddf4d9d100ca562d
Win32 Executable (generic) a (10002005/4) 99.15%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Temp\~DFF6C17D3AB00DBF02.TMP
false
MD5:    19809EDD1FF00A1D7C105BC58A97CD02
SHA1:   26FB6D339CF2A7474DE6F785166163FA9B2ADBB1
SHA256: 4745D04A4BB99D70866D722394D9E71F3FAE597AA84E229A1E3B40F31521594C
\Device\ConDrv
false
MD5:    9F754B47B351EF0FC32527B541420595
SHA1:   006C66220B33E98C725B73495FE97B3291CE14D9
SHA256: 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
Contacted IPs: 142.250.185.206, 116.202.203.61, 142.250.185.225

Domain                                  Malicious   Resolved IP
drive.google.com                        false       142.250.185.206
googlehosted.l.googleusercontent.com    false       142.250.185.225
furteksdokuma.com.tr                    true        116.202.203.61
doc-0k-5k-docs.googleusercontent.com    false       unknown
mail.furteksdokuma.com.tr               true        unknown
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Found malware configuration
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Multi AV Scanner detection for submitted file
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected GuLoader
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
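The two WMI signatures above (Win32_Bios / Win32_BaseBoard and Win32_NetworkAdapter queries) are why this sample was run on a native physical machine: a guest under a hypervisor gives itself away in exactly those classes. The following is an added example written for this page, not the sample's own evasion code and not Joe Sandbox's signature logic. It approximates the check an analyst would reproduce to see whether a given analysis host would pass. The marker strings and the virtual-NIC OUI table are the author's own assumptions drawn from well-known hypervisor defaults; the WMI records are constructed so the code runs offline (on a live host the same fields come from Get-CimInstance or wmic).

```python
"""Approximate the VM checks a WMI-probing sample performs, on constructed
Win32_BIOS / Win32_BaseBoard / Win32_NetworkAdapter records.
Added example for this page; not the sample's code. Marker lists are assumptions."""
import re
from dataclasses import dataclass

# Substrings that commonly identify a hypervisor in BIOS/BaseBoard fields. Assumed list.
BIOS_MARKERS = ("vmware", "virtualbox", "innotek", "qemu", "bochs", "xen",
                "virtual machine", "parallels")

# OUI prefixes of virtual NIC vendors (well-known defaults, assumed here).
VM_OUIS = {
    "00:05:69": "VMware", "00:0C:29": "VMware", "00:50:56": "VMware", "00:1C:14": "VMware",
    "08:00:27": "VirtualBox",
    "00:15:5D": "Hyper-V",
    "52:54:00": "QEMU/KVM",
    "00:16:3E": "Xen",
}

@dataclass
class WmiSnapshot:
    bios: dict        # selected Win32_BIOS properties
    baseboard: dict   # selected Win32_BaseBoard properties
    adapters: list    # list of dicts with Win32_NetworkAdapter properties

def _hit(values, markers):
    """Return a reason string for every (field, marker) pair that matches."""
    found = []
    for key, value in values.items():
        low = str(value).lower()
        for marker in markers:
            if marker in low:
                found.append(f"{key}={value!r} matches {marker!r}")
    return found

def oui(mac):
    """Normalise a MAC written with colons, dashes or nothing; return its OUI or None."""
    hexonly = re.sub(r"[^0-9A-Fa-f]", "", mac or "")
    if len(hexonly) != 12:
        return None
    return ":".join(hexonly[i:i + 2] for i in (0, 2, 4)).upper()

def vm_indicators(snap):
    """List every reason the host looks virtual; an empty list means it looks like bare metal."""
    reasons = [f"Win32_BIOS: {r}" for r in _hit(snap.bios, BIOS_MARKERS)]
    reasons += [f"Win32_BaseBoard: {r}" for r in _hit(snap.baseboard, BIOS_MARKERS)]
    for adapter in snap.adapters:
        vendor = VM_OUIS.get(oui(adapter.get("MACAddress")))
        if vendor:
            reasons.append(f"Win32_NetworkAdapter: {adapter.get('Name')} "
                           f"MAC {adapter.get('MACAddress')} has {vendor} OUI")
    return reasons

def looks_virtual(snap):
    return bool(vm_indicators(snap))

# Constructed records (not captured from any real host).
VBOX_GUEST = WmiSnapshot(
    bios={"Manufacturer": "innotek GmbH", "Version": "VBOX   - 1", "SerialNumber": "0"},
    baseboard={"Manufacturer": "Oracle Corporation", "Product": "VirtualBox", "SerialNumber": "0"},
    adapters=[{"Name": "Intel(R) PRO/1000 MT Desktop Adapter", "MACAddress": "08:00:27:4E:66:A1"}],
)
PHYSICAL_HOST = WmiSnapshot(
    bios={"Manufacturer": "Example BIOS Vendor", "Version": "1.2.3", "SerialNumber": "PHYS-0001"},
    baseboard={"Manufacturer": "Example Board Vendor", "Product": "X570 Desktop", "SerialNumber": "BOARD-0001"},
    adapters=[{"Name": "Realtek PCIe GbE Family Controller", "MACAddress": "B4:2E:99:00:11:22"}],
)

if __name__ == "__main__":
    for name, snap in (("VirtualBox guest", VBOX_GUEST), ("physical host", PHYSICAL_HOST)):
        print(name, "->", "virtual" if looks_virtual(snap) else "bare metal")
        for reason in vm_indicators(snap):
            print("   ", reason)
```

Two caveats when using this against a real analysis box: a physical host with VMware Workstation installed exposes VMnet adapters carrying the 00:50:56 OUI, so an adapter hit alone is a weak signal, and a sample may also compare serial numbers, disk model strings or CPU hypervisor bits that this approximation does not cover.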
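The credential-theft signatures above (mail, browser, FTP and PuTTY / WinSCP information) all reduce to one observable: a process that does not own a credential store reading it. The following detection logic is an added example written for this page, not Joe Sandbox's signature implementation. The store locations are the well-known default paths of each product, the owning-process lists are the author's assumption, and the key=value event lines are a simplified, constructed log format (modelled loosely on Sysmon registry and file events) so the example runs offline.

```python
"""Flag non-owner processes touching credential stores, over constructed events.
Added example for this page; store paths are product defaults, owner lists are assumed."""
import re
from collections import defaultdict

# (label, pattern over the accessed registry key or file path, processes that own the store)
CREDENTIAL_STORES = [
    ("putty_sessions",  re.compile(r"\\SimonTatham\\PuTTY\\Sessions", re.I),
     {"putty.exe", "plink.exe", "pscp.exe", "psftp.exe", "pageant.exe"}),
    ("winscp_sessions", re.compile(r"\\Martin Prikryl\\WinSCP 2\\Sessions", re.I),
     {"winscp.exe"}),
    ("chrome_logins",   re.compile(r"\\Google\\Chrome\\User Data\\.*\\Login Data$", re.I),
     {"chrome.exe"}),
    ("firefox_logins",  re.compile(r"\\Mozilla\\Firefox\\Profiles\\.*\\logins\.json$", re.I),
     {"firefox.exe"}),
    ("filezilla_sites", re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I),
     {"filezilla.exe"}),
]

# key=value or key="value with spaces"
LINE_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    """Turn one constructed event line into a dict of its fields."""
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(2))
            for m in LINE_RE.finditer(line)}

def basename(image):
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def match_store(target):
    for label, pattern, owners in CREDENTIAL_STORES:
        if pattern.search(target):
            return label, owners
    return None

def detect(lines):
    """One alert per (process, store) where a non-owner touched a store, plus a
    multi_store_harvest alert for any process that touched two or more stores."""
    touched = defaultdict(set)
    alerts = []
    for line in lines:
        ev = parse_line(line)
        image, target = ev.get("image"), ev.get("target")
        if not image or not target:
            continue
        hit = match_store(target)
        if hit is None:
            continue
        label, owners = hit
        if basename(image) in owners:
            continue  # the application reading its own store is expected
        if label not in touched[image]:
            touched[image].add(label)
            alerts.append({"rule": "credential_store_access", "image": image,
                           "store": label, "target": target})
    for image, stores in touched.items():
        if len(stores) >= 2:
            alerts.append({"rule": "multi_store_harvest", "image": image,
                           "stores": sorted(stores)})
    return alerts

# Constructed events; the only real value reused is the report's dropped-file path.
SAMPLE_EVENTS = [
    'ts=2021-11-24T20:59:01 event=RegistryRead image=C:\\Users\\user\\AppData\\Local\\Temp\\exe.exe '
    'target="HKCU\\Software\\SimonTatham\\PuTTY\\Sessions\\bastion"',
    'ts=2021-11-24T20:59:01 event=RegistryRead image=C:\\Users\\user\\AppData\\Local\\Temp\\exe.exe '
    'target="HKCU\\Software\\Martin Prikryl\\WinSCP 2\\Sessions\\fileserver"',
    'ts=2021-11-24T20:59:02 event=FileRead image=C:\\Users\\user\\AppData\\Local\\Temp\\exe.exe '
    'target="C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"',
    'ts=2021-11-24T20:59:02 event=FileCreate image=C:\\Users\\user\\AppData\\Local\\Temp\\exe.exe '
    'target="C:\\Users\\user\\AppData\\Local\\Temp\\~DFF6C17D3AB00DBF02.TMP"',
    'ts=2021-11-24T20:59:05 event=RegistryRead image="C:\\Program Files\\PuTTY\\putty.exe" '
    'target="HKCU\\Software\\SimonTatham\\PuTTY\\Sessions\\bastion"',
    'ts=2021-11-24T20:59:06 event=FileRead image="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
    'target="C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The owner allow-list is the part that needs tuning per estate: backup agents and sync clients legitimately read browser profiles, and the rule should key on the full image path (or signer) rather than the basename alone once it leaves the lab, since a sample can simply be named chrome.exe.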