Multi AV Scanner detection for submitted file
Yara detected Record Stealer
Snort IDS alert for network traffic
Hides threads from debuggers
Overwrites code with unconditional jumps - possibly setting hooks in foreign process
Tries to steal Crypto Currency Wallets
Tries to evade analysis by executing special instructions (VM detection)
Tries to detect virtualization through RDTSC time measurements
Query firmware table information (likely to detect VMs)
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc.)
PE file contains section with special chars
Is looking for software installed on the system
Uses 32bit PE files
Sample file name is different from the original file name gathered from version info
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
PE file contains strange resources
Drops PE files
Checks if the current process is being debugged
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
PE file contains more sections than normal
Found dropped PE file which has not been started or loaded
Downloads executable code via HTTP
Entry point lies outside standard sections