Joe Sandbox analysis report (fields as extracted; labels restored only where the value makes them unambiguous)

Joe Sandbox version: 36.0.0 Rainbow Opal
IR
Analysis ID: 715065
Product: CloudBasic
Start time: 15:48:08
Start date: 03/10/2022
Sample file name: QNx8Bu7CNn.exe
Cookbook file name: default.jbs
Analysis system: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform: WINDOWS
MD5: 9a9cb1f7f37aa3955cfb4d8991583e31
SHA1: 8d63b02db5ce9bb9bb1691ab4a5282d18078191a
SHA256: 943089ba13faf44a75c9624e2b68af1f561d5567bb4ba7cf4a2596b129da6a2b
File type (TrID): Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Detection flags and scores (as extracted; the column labels did not survive extraction): true, false, false, false, 100, 0, 100, 5, 0, 5, false

Created / dropped file:
  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QNx8Bu7CNn.exe.log
  flag as extracted: true
  MD5: 2E016B886BDB8389D2DD0867BE55F87B
  SHA1: 25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
  SHA256: 1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427

Note: a CLR_v4.0_32\UsageLogs\<name>.exe.log file is written by the .NET Framework runtime for any managed executable it loads. Its presence confirms the sample ran as a .NET process (consistent with the TrID result above); it is a runtime artifact, not a second payload, so its hashes are not useful as detection indicators.
Network indicators

Contacted IP: 190.107.177.239
Contacted domain: ftp.valvulasthermovalve.cl -> 190.107.177.239 (flag as extracted: false)

URLs from memory and binaries (columns: URL | Malicious | Reputation)

http://127.0.0.1:HTTP/1.1 | false | unknown
http://www.apache.org/licenses/LICENSE-2.0 | false | unknown
http://www.fontbureau.com | false | unknown
http://www.fontbureau.com/designersG | false | unknown
http://ftp.valvulasthermovalve.cl | true | unknown
http://www.fontbureau.com/designers/? | false | unknown
http://www.founder.com.cn/cn/bThe | false | unknown
http://www.fontbureau.com/designers? | false | unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www | false | unknown
http://uZTc8nGgAr9KT9EFaKnD.net | false | unknown
http://pzxuZU.com | false | unknown
http://www.tiro.com | false | unknown
http://www.fontbureau.com/designers | false | unknown
http://www.goodfont.co.kr | false | unknown
http://www.carterandcone.coml | false | unknown
http://www.sajatypeworks.com | false | unknown
http://www.typography.netD | false | unknown
http://www.fontbureau.com/designers/cabarga.htmlN | false | unknown
http://www.founder.com.cn/cn/cThe | false | unknown
http://www.galapagosdesign.com/staff/dennis.htm | false | unknown
http://fontfabrik.com | false | unknown
http://www.founder.com.cn/cn | false | unknown
http://www.fontbureau.com/designers/frere-jones.html | false | unknown
http://www.jiyu-kobo.co.jp/ | false | unknown
http://DynDns.comDynDNSnamejidpasswordPsi/Psi | false | unknown
http://www.galapagosdesign.com/DPlease | false | unknown
http://www.fontbureau.com/designers8 | false | unknown
http://www.fonts.com | false | unknown
http://www.sandoll.co.kr | false | unknown
http://www.urwpp.deDPlease | false | unknown
http://www.zhongyicts.com.cn | false | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | false | unknown
http://www.sakkal.com | false | unknown
ftp://ftp.valvulasthermovalve.cl/cva19491 | true | unknown

Reading the table: only the two ftp.valvulasthermovalve.cl entries are flagged malicious, and that host (190.107.177.239) is the one actionable network indicator in this report. An FTP URL held in memory by an AgentTesla sample is consistent with the family's FTP exfiltration channel, but the report as extracted shows no captured FTP session, so treat it as an indicator to block and hunt for rather than as proof of a completed upload. The unflagged rows are noise that any memory-string scan of a .NET binary produces: type-foundry and font-licence URLs (fontbureau, tiro, carterandcone, sajatypeworks, founder.com.cn, galapagosdesign, fontfabrik, jiyu-kobo, goodfont, sandoll, urwpp, zhongyicts, sakkal, fonts.com) that ship inside Windows font files, the Apache licence and xmlsoap claims constants, an HTTP request fragment, and the Tor Browser download string. The DynDNS/jid/password/Psi string comes from the stealer's credential-target list (AgentTesla harvests DynDNS and Psi/Psi+ accounts), not from a contacted URL. Trailing characters such as "designersG", "coml", ".netD" and the run-together "...ziphttps://www" are bytes adjacent to the string in memory, not part of the URL, so do not paste these rows into a blocklist unedited.
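The flattened URL table above (one URL, then its Malicious flag, then its Reputation, each on its own line) is awkward to triage by eye. The following is an added example, not part of the Joe Sandbox report, of parsing that layout, checking the triplets stay aligned, splitting run-together memory strings, and emitting only the flagged entries in defanged form. The sample input is a constructed subset of the table above; the triplet ordering is an assumption taken from how this page flattened the table.

```python
"""Parse a flattened Joe Sandbox "URLs from memory and binaries" table
and turn the rows flagged Malicious into defanged indicators.

Added example for this page; not Joe Sandbox code. The input below is a
constructed subset of the report's URL table (assumed URL/flag/reputation
ordering, one value per line).
"""
import re
from urllib.parse import urlsplit

# Constructed from the report above: URL, Malicious flag, Reputation, one per line.
FLATTENED = """\
http://127.0.0.1:HTTP/1.1
false
unknown
http://www.fontbureau.com/designersG
false
unknown
http://ftp.valvulasthermovalve.cl
true
unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www
false
unknown
ftp://ftp.valvulasthermovalve.cl/cva19491
true
unknown
"""

URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
SCHEME_RE = re.compile(r"(?=(?:https?|ftp)://)", re.IGNORECASE)


def parse_triplets(text):
    """Return [(url, malicious: bool, reputation: str)].

    Raises ValueError if the line count is not a multiple of three or a
    triplet is misaligned (first line not a URL, second not true/false),
    which is the failure mode of a flattened table with a dropped line.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 3:
        raise ValueError(f"expected URL/flag/reputation triplets, got {len(lines)} lines")
    rows = []
    for i in range(0, len(lines), 3):
        url, flag, reputation = lines[i:i + 3]
        if not URL_RE.match(url) or flag not in ("true", "false"):
            raise ValueError(f"misaligned triplet at line {i + 1}: {url!r} / {flag!r}")
        rows.append((url, flag == "true", reputation))
    return rows


def split_glued(url):
    """Memory strings can run two URLs together ("...ziphttps://www");
    split wherever a new scheme starts inside the string."""
    return [part for part in SCHEME_RE.split(url) if part]


def defang(url):
    """hxxp://ftp[.]example[.]com so the indicator cannot be clicked by accident."""
    out = re.sub(r"^http", "hxxp", url, flags=re.IGNORECASE)
    out = re.sub(r"^ftp", "fxp", out, flags=re.IGNORECASE)
    return out.replace(".", "[.]")


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def extract_iocs(text):
    """Split the table into blockable indicators and string-scan noise."""
    rows = parse_triplets(text)
    flagged = [url for url, malicious, _ in rows if malicious]
    return {
        "flagged_urls": flagged,
        "defanged": [defang(url) for url in flagged],
        # de-duplicated hosts from the flagged rows only: the thing to block
        "hosts": sorted({host_of(url) for url in flagged if host_of(url)}),
        # unflagged rows, with glued strings separated so each piece can be reviewed
        "unflagged": [piece for url, malicious, _ in rows if not malicious
                      for piece in split_glued(url)],
    }


if __name__ == "__main__":
    result = extract_iocs(FLATTENED)
    for key, value in result.items():
        print(key, value)
```

Feeding the full table from the report through `extract_iocs` yields exactly one host, ftp.valvulasthermovalve.cl, which matches the contacted-domain entry above; the alignment check in `parse_triplets` is what catches a table that lost a line during extraction, since a silently shifted triplet would mark the wrong URL as malicious.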
Behavior signatures (Joe Sandbox rule names, as reported)

Tries to steal Mail credentials (via file / registry access)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Multi AV Scanner detection for submitted file
Tries to harvest and steal ftp login credentials
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM3
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Read together, these rules describe a .NET AgentTesla build that unpacks itself in memory, injects a PE into another process, checks for a virtual machine through WMI (Win32_Bios, Win32_BaseBoard, Win32_NetworkAdapter) and sandbox process or module names, and then harvests mail, browser, FTP and PuTTY/WinSCP credentials. Because the sample carries VM checks, a run on an unhardened sandbox may stop before the credential-theft and network stages; the flagged ftp.valvulasthermovalve.cl entries above show that this run got far enough to expose the FTP endpoint.