34.0.0 Boulder Opal
IR
544194
CloudBasic
20:24:44
22/12/2021
SecuriteInfo.com.W32.AIDetect.malware1.11362.23809
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
43d4b9318439f6926dfbcf46a5291621
06581c15c15cf8345bef1cea5b32fbc7d7d71e03
b06b7b05e576d19367c383aabd9c8fed8cd5e7955e2f1493d326b9b5306c7439
Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
C2 URLs / IPs found in malware configuration