36.0.0 Rainbow Opal
IR
715073
CloudBasic
15:56:20
03/10/2022
INV NO -609983773 60983768.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
4e06d9889629e7ff0faba3b139dcc950
11db4a20ec8fc4a88bc5b75dc5de730e719b9f57
341b6ff76b63e3e74b8fd97b301462f9a6544405946271b7766c4ff4c8c28150
Win64 Executable GUI Net Framework (217006/5) 49.88%
true
false
false
false
76
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\INV NO -609983773 60983768.exe.log
true
C8A62E39DE7A3F805D39384E8BABB1E0
B32B1257401F17A2D1D5D3CC1D8C1E072E3FEE31
A7BC127854C5327ABD50C86000BF10586B556A5E085BB23523B07A15DD4C5383
https://opensource.bulkpdf.de/Whttps://opensource.bulkpdf.de/documentation
false
unknown
https://opensource.bulkpdf.de/documentation
false
unknown
https://opensource.bulkpdf.de/
false
unknown
http://fsf.org/
false
unknown
http://geoplugin.net/json.gp/C
false
unknown
172.111.234.110
true
http://itextpdf.com/terms-of-use/
false
unknown
http://www.gnu.org/licenses
false
unknown
http://www.gnu.org/licenses/gpl-faq.html#FontException
false
unknown
http://www.gnu.org/licenses/
false
unknown
Multi AV Scanner detection for submitted file
C2 URLs / IPs found in malware configuration
.NET source code references suspicious native API functions
Malicious sample detected (through community Yara rule)
Yara detected Remcos RAT
Machine Learning detection for sample