34.0.0 Boulder Opal
IR
544195
CloudBasic
20:25:06
22/12/2021
SecuriteInfo.com.W32.AIDetect.malware1.26365.29293
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
MD5: fa496e911b3de4b5888c894f6eeaabe2
SHA1: eb857722b13f87d0d9e5596105c4b565fb0e6382
SHA256: 05a16b81c00f57c0bf4ec43f50759006fef117093bc68565c97525374223ff4f
Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
true
false
false
false
76
0
100
5
0
5
false
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fbb2d8caa9bc88c88f59a4bf7aec3c671b51a1_82810a17_157ba645\Report.wer
false
MD5: A0CD535FA5BFCC28C674C5AA3EA684F3
SHA1: 8B2E660B9B2CDA0325869620B05DB06EA4CCC937
SHA256: 1538AEE67517B177101D7A80E00505666D1DE3FF664C09357B2F4602C5214444
C:\ProgramData\Microsoft\Windows\WER\Temp\WER15BE.tmp.WERInternalMetadata.xml
false
MD5: D3CA5713CA7F17DE990E670FB9B0F2F7
SHA1: 8722582FA205ED26E2E5C0AA127074E9C178D131
SHA256: C279F61F13CC74165AA605409A41FA855B957E314DEE97E912DA8BE94BD7A61E
C:\ProgramData\Microsoft\Windows\WER\Temp\WER187E.tmp.xml
false
MD5: 41D81FF64581123D89B74771FDE72144
SHA1: 34902B274264750D4B64762E07F54164FDEC5F86
SHA256: C34125EB909C0BF59F994D00C593C0EB4159235ECCEE0300D839DACF410AD17D
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD60.tmp.dmp
false
MD5: 0BE23B7B884A2930EE970EE0717150B9
SHA1: 9207F2093A509BEF435090A18B122629C55A23A5
SHA256: 7BF34B1970131290E8D11A5BFBD8BE7DE44E49DB97EA290EEAB8B499269AE3C4
C:\Windows\appcompat\Programs\Amcache.hve
false
MD5: A6965262D7BB1299588A9094544B25FF
SHA1: 067CCC40582A5EFCEA5A743C68FB5683BA439199
SHA256: 5FFDD807856D0026550B83095AA907CBAA65701CE100425ED6144F78279DA9AA
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
false
MD5: 8EFB07638DCCC8BEE5BD64E03FFB0FAB
SHA1: C85188718976C6B1690AB43FF351D8EE366667AC
SHA256: ACC3D86F4534C145D1AFD9C98181C8EF99E59CFB28E97398479B021822E31C3D
185.4.135.27
192.168.2.1
85.10.248.28
80.211.3.13
144.91.122.102
Found malware configuration
Yara detected Dridex unpacked file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
C2 URLs / IPs found in malware configuration