34.0.0 Boulder Opal
IR
541451
CloudBasic
10:14:52
17/12/2021
mixfive_20211216-221155
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
66e3c71bcd364eb5cf19cb820683ef0c
a51f002e800d652c14b2de10a63bbb80d276a33b
ee23fa71bea1f05017e21b38e7592db6334a0fc4e9e44bb48452b40a4ddf0677
Win32 Executable (generic) a (10002005/4) 99.96%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mixfive_20211216-221155.exe.log
false
2308F672881D77B53310A221B4D27E95
80371C7B5D415DC46F2BB4BA872B14AF0B0EED8B
83D6F5E305A78D3EAB05CFB58D8595FECB2755E80978C6D6236AEF9186E65CDB
C:\Users\user\AppData\Local\Temp\a.txt
false
6C3AA179406696C66ACF8DC984ABC7DF
7F66AB35CA41A3449382F9DA68864D64EC182F28
798DF5B3298985AE022F8C5A6714F7891EAA49B2E4B24E3A8B2329C04DD11C71
C:\Users\user\AppData\Local\Temp\nsiE423.tmp\System.dll
false
CFF85C549D536F651D4FB8387F1976F2
D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
C:\Users\user\AppData\Local\Temp\superprecise.dat
false
A1802D9DCD94AF7E3F2CE4577BA6E667
1B836F996B3FB4E812516EBDEA714FACCB45ADF3
DCC5CD1E4CC8AFE4A04F8931DA635821B60A07869DAC0327D043B26C96C39680
185.112.83.8
194.26.229.202
Hides threads from debuggers
Yara detected RedLine Stealer
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to steal Crypto Currency Wallets
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected GuLoader