34.0.0 Boulder Opal
IR
626244
CloudBasic
18:29:24
13/05/2022
ATTACHED FILE (2).exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
a54ebe06ed43c17fb5fae1a2bbafa2fb
17c5bbe86e2f1ac5a81eda497ebf65e3f3f17bd8
15cb6c5ee0ea7208770e08b093202e64f73bfe0614c6fbbbdd2cad96db1049d8
Win32 Executable (generic) Net Framework (10011505/4) 49.80%
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ATTACHED FILE (2).exe.log
C:\Users\user\AppData\Local\Temp\tmpB58E.tmp
C:\Users\user\AppData\Roaming\QFuHJZVlQZLJcC.exe
65.108.71.185
mail.pabautouae.com
Tries to steal Mail credentials (via file / registry access)
Found malware configuration
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Multi AV Scanner detection for submitted file
Tries to harvest and steal ftp login credentials
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM3
Machine Learning detection for sample
.NET source code contains very large array initializations
Machine Learning detection for dropped file
Multi AV Scanner detection for dropped file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)