Joe Sandbox analysis report (engine version 34.0.0 Boulder Opal, product CloudBasic)
Analysis ID: 626184
Unlabeled export field: IR
Date / time: 13/05/2022 17:17:18
Cookbook: default.jbs
Analysis system: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 (OS family: WINDOWS)

Sample: Aviso de pago.pdf____________________________.exe
(Spanish "Aviso de pago" = "payment notice"; a .pdf decoy extension padded with underscores so the real .exe extension is pushed out of view in a file dialog)
MD5:    05b6b97166b339557424ca035418a640
SHA1:   e1699c9c10d6807650fcc35fc76c7744deeb16be
SHA256: 6797c9eb17e1ad3b41121bc80db0a97ae642bfca0874c8b7bd391507d2ca5540
File type: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Detection fields as exported: flags true, false, false, false; score 100 (range 0-100); confidence 5 (range 0-5); final flag false

File created (flag: true):
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Aviso de pago.pdf____________________________.exe.log
MD5:    2717088AB018D5B447B894876B721386
SHA1:   C88136905BD0ACEAF8B31A73FB0B12F02D503DCA
SHA256: 34109AB9D426B98603DA4B53D239CCD7A6E09F4C62277BE6B8D4675553A6736D
The CLR_v4.0_32\UsageLogs directory is written by the .NET 4.x runtime when a managed executable runs in a 32-bit process, so this artifact confirms the sample executed as 32-bit .NET code (consistent with the "Net Framework" file type) and is a useful host-side trace when the sample itself has been deleted.

Contacted IP: 195.133.18.171
URLs and URL-like strings found (URL | flagged malicious | resolved IP):
http://127.0.0.1:HTTP/1.1 | false | unknown
http://DynDns.comDynDNS | false | unknown
https://github.com/mgravell/protobuf-neti | false | unknown
https://stackoverflow.com/q/14436606/23354 | false | unknown
https://github.com/mgravell/protobuf-netJ | false | unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | false | unknown
https://stackoverflow.com/q/11564914/23354; | false | unknown
https://stackoverflow.com/q/2152978/23354 | false | unknown
http://195.133.18.171 | true | unknown
http://195.133.18.171/Znmtganqo_Wvetpunc.jpgT | true | unknown
https://github.com/mgravell/protobuf-net | false | unknown
http://195.133.18.171/Znmtganqo_Wvetpunc.jpg | true | 195.133.18.171
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | false | unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | false | unknown
http://WPfLXV.com | false | unknown

Only the three URLs on 195.133.18.171 are flagged; the .jpg path is the one resource the sandbox also saw resolve, so that host is the network indicator to act on. The github.com/mgravell/protobuf-net and stackoverflow.com/q/.../23354 strings are references embedded in the protobuf-net library source, which indicates the sample bundles that library rather than contacting those sites. Trailing characters such as "i", "J", "T" and ";" on several entries are string-extraction spillover from the adjacent bytes in the binary, not part of the URLs.
Signatures:
- Found malware configuration
- Initial sample is a PE file and has a suspicious name
- Writes to foreign memory regions
- Multi AV Scanner detection for submitted file
- Malicious sample detected (through community Yara rule)
- Yara detected AgentTesla
- Machine Learning detection for sample
- .NET source code contains potential unpacker
- Injects a PE file into a foreign process
- Yara detected Generic Downloader
- .NET source code contains very large array initializations
- Antivirus detection for URL or domain
- Multi AV Scanner detection for domain / URL
- Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
- Snort IDS alert for network traffic
- Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
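Worked example, added here and not part of the Joe Sandbox report: a small Python script that turns the flattened fields above into records a triage pipeline can act on. It classifies the hash fields by length, implements the "suspicious name" check that the signature list refers to (a document-looking extension padded with underscores or spaces in front of a real executable extension, also catching the unpadded "x.pdf.exe" form), and parses the URL / malicious / resolved-IP triples to pull out the hosts the sandbox flagged. The inputs are constructed from this page's own lines (a subset of the URL triples, copied verbatim with their trailing junk); the triple layout is assumed from the order the export shows.

```python
"""Parse the flattened Joe Sandbox fields above into structured records.

Added example for this page, not Joe Sandbox's own code. Inputs are
constructed from the report's own lines; the url/flag/resolved triple
layout is assumed from the order in which the export lists them.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Sample identity, copied from the report.
SAMPLE_NAME = "Aviso de pago.pdf____________________________.exe"
SAMPLE_HASHES = [
    "05b6b97166b339557424ca035418a640",
    "e1699c9c10d6807650fcc35fc76c7744deeb16be",
    "6797c9eb17e1ad3b41121bc80db0a97ae642bfca0874c8b7bd391507d2ca5540",
]

# A subset of the report's URL block, one field per line: url, malicious
# flag, resolved IP or "unknown". Copied verbatim, trailing junk included.
URL_BLOCK = """\
http://127.0.0.1:HTTP/1.1
false
unknown
https://github.com/mgravell/protobuf-neti
false
unknown
https://stackoverflow.com/q/14436606/23354
false
unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
false
unknown
http://195.133.18.171
true
unknown
http://195.133.18.171/Znmtganqo_Wvetpunc.jpgT
true
unknown
https://github.com/mgravell/protobuf-net
false
unknown
http://195.133.18.171/Znmtganqo_Wvetpunc.jpg
true
195.133.18.171
"""


@dataclass
class UrlRecord:
    url: str
    malicious: bool
    resolved: Optional[str]  # None where the export says "unknown"

    @property
    def host(self) -> Optional[str]:
        # urlsplit tolerates the junk in these strings; .hostname lowercases.
        return urlsplit(self.url).hostname


def parse_url_block(text: str) -> list[UrlRecord]:
    """Group the flat lines into (url, flag, resolved) triples."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 3:
        raise ValueError(f"{len(lines)} lines is not a whole number of triples")
    out = []
    for i in range(0, len(lines), 3):
        url, flag, resolved = lines[i:i + 3]
        if flag not in ("true", "false"):
            raise ValueError(f"bad flag {flag!r} after {url!r}")
        out.append(UrlRecord(url, flag == "true",
                             None if resolved == "unknown" else resolved))
    return out


def flagged_hosts(records: list[UrlRecord]) -> set[str]:
    """Hosts the sandbox marked malicious at least once."""
    return {r.host for r in records if r.malicious and r.host}


def classify_hash(value: str) -> Optional[str]:
    """Name a hex digest by its length; None for anything else."""
    if not re.fullmatch(r"[0-9a-fA-F]+", value):
        return None
    return {32: "md5", 40: "sha1", 64: "sha256"}.get(len(value))


# Assumed lists for the name check; extend to taste.
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def decoy_extension(name: str) -> Optional[tuple[str, str]]:
    """(decoy, real) when a document-looking extension, optionally padded
    with spaces/underscores, precedes a real executable extension."""
    m = re.search(r"\.([A-Za-z0-9]+)[ _]*\.([A-Za-z0-9]+)$", name)
    if not m:
        return None
    decoy, real = m.group(1).lower(), m.group(2).lower()
    return (decoy, real) if decoy in DECOY_EXT and real in EXEC_EXT else None


if __name__ == "__main__":
    print(SAMPLE_NAME, "->", decoy_extension(SAMPLE_NAME))
    recs = parse_url_block(URL_BLOCK)
    for r in recs:
        print("MAL" if r.malicious else "   ", r.host, r.resolved or "")
    print("flagged hosts:", flagged_hosts(recs))
```

The padding regex deliberately accepts zero padding characters, so the plain double-extension form is caught as well as the underscore-padded one in this sample; the extension lists are a starting point, not a complete policy.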