34.0.0 Boulder Opal
IR
542742
CloudBasic
14:21:10
20/12/2021
Original Doc Ref SN02853801324189923.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
2b40b86c870ab6b0e9b08f26bd231e1a
78a6fc51761c25fe571fec37ca4beaa13d7b5d48
6c9c9bd77d704ca8c48a0125289e0e15e75f62f09d40ffad58a24bd96c3a57c0
Win32 Executable (generic) a (10002005/4) 97.02%
C:\Users\user\AppData\Local\Temp\IXP000.TMP\Semiha.exe
AE871D1957030344D4CEFC7295A1E964
73E0D642D14CA3DCFCA3D22FA2312968D1BA5CD6
6F8A836D10EADA55BB1D3901CEB5B97711AFC9F7018E3BD0F0A8E77521F18E5B
Hides threads from debuggers
Found malware configuration
Yara detected Generic Dropper
Maps a DLL or memory area into another process
Tries to detect Any.run
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
GuLoader behavior detected
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Yara detected GuLoader