36.0.0 Rainbow Opal
IR
753421
CloudBasic
19:48:36
24/11/2022
conhost.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
8c9dca7a1d21e402c885d50af18737d1
39cdfb61bf1a94d064a5ac5648ab552ca20be539
7cb6264b793849e31f23a7eb4f18f59a71fd3e44760be9d6052bbcdc2dfdf15c
Win32 Executable (generic) a (10002005/4) 91.23%
C:\Windows\Tasks\wow64.job
Found evasive API chain (may stop execution after checking mutex)
Multi AV Scanner detection for submitted file
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Yara detected CryptOne packer
Yara detected SystemBC
Detected unpacking (changes PE section rights)
C2 URLs / IPs found in malware configuration