34.0.0 Boulder Opal
IR
539387
CloudBasic
08:36:10
14/12/2021
SWIFT_ACK-89813.02.exe
default.jbs
Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
WINDOWS
2f19182da895afc914c7b9851a4f2d49
7d111bd6284cdd87498e72d90a595aea9fc35d5d
24d5129d6ecbe5ba5e88077d1207bc09fc68d076dea00892bc614a267f9f0b1b
Win32 Executable (generic) a (10002005/4) 99.15%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Temp\~DF7BE3E0977138378C.TMP
false
52AA63688AAC03A75A4231F6519EBA14
7BAA47908391E462A575DF51EBCE7F3EFF076B17
FB8C5BC990C88E0716500458D7685B934A75580DDB42DDC9D616FF0E2A2E6ADC
C:\Users\user\AppData\Roaming\gfh3sqpf.wnq\Chrome\Default\Cookies
false
CFA95D988565672C785871A48B529F85
4D6BED615DFA00E1067E6F95F8EC6C210ADF96A7
647D64A623FB1B62175441A0EF016F8B4479A64D620498644F15DD04FDFB3B24
C:\Users\user\AppData\Roaming\gfh3sqpf.wnq\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite
false
886A5F9308577FDF19279AA582D0024D
CDCCC11837CDDB657EB0EF6A01202451ECDF4992
BA7EB45B7E9B6990BC63BE63836B74FA2CCB64DCD0C199056B6AE37B1AE735F2
\Device\ConDrv
false
9F754B47B351EF0FC32527B541420595
006C66220B33E98C725B73495FE97B3291CE14D9
0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
142.250.186.78
94.23.221.28
142.250.185.65
fortunametals.es
true
94.23.221.28
drive.google.com
false
142.250.186.78
googlehosted.l.googleusercontent.com
false
142.250.185.65
mail.fortunametals.es
true
unknown
doc-14-38-docs.googleusercontent.com
false
unknown
Hides threads from debuggers
Installs a global keyboard hook
Tries to steal Mail credentials (via file / registry access)
Found malware configuration
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Multi AV Scanner detection for submitted file
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
C2 URLs / IPs found in malware configuration
GuLoader behavior detected
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected GuLoader
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)