36.0.0 Rainbow Opal
IR
756005
CloudBasic
13:49:17
29/11/2022
SecuriteInfo.com.Win32.CrypterX-gen.23740.23288.exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
d55d9c72b27c17af9a53847bec4dad00
dbfa157d95af9d351b7051802e5e80a0a78daa05
36143d6674053884d6bf2ce1e5bc8dd6f31b9d6b4d2fae272e37ac5649d00520
Win32 Executable (generic) Net Framework (10011505/4) 49.80%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CrypterX-gen.23740.23288.exe.log
true
FED34146BF2F2FA59DCF8702FCC8232E
B03BFEA175989D989850CF06FE5E7BBF56EAA00A
123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
api.telegram.org
false
149.154.167.220
http://127.0.0.1:HTTP/1.1
false
unknown
http://www.apache.org/licenses/LICENSE-2.0
false
unknown
http://www.fontbureau.com
false
unknown
http://www.fontbureau.com/designersG
false
unknown
http://DynDns.comDynDNS
false
unknown
http://www.fontbureau.com/designers/?
false
unknown
http://www.founder.com.cn/cn/bThe
false
unknown
https://api.telegram.org
false
unknown
http://www.tiro.com8
false
unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
false
unknown
http://www.fontbureau.com/designers?
false
unknown
https://api.telegram.org/bot5083863399:AAH9g72QTdN88jNOd6_tBrE8gEd-FpXnfHE/
false
unknown
http://www.tiro.com
false
unknown
http://www.fontbureau.com/designers
false
unknown
http://www.goodfont.co.kr
false
unknown
https://api.telegram.org/bot5083863399:AAH9g72QTdN88jNOd6_tBrE8gEd-FpXnfHE/sendDocument
false
unknown
http://www.carterandcone.coml
false
unknown
https://api.telegram.org/bot5083863399:AAH9g72QTdN88jNOd6_tBrE8gEd-FpXnfHE/sendDocumentdocument-----
false
unknown
http://www.sajatypeworks.com
false
unknown
http://www.typography.netD
false
unknown
http://www.fontbureau.com/designers/cabarga.htmlN
false
unknown
http://www.founder.com.cn/cn/cThe
false
unknown
http://www.galapagosdesign.com/staff/dennis.htm
false
unknown
http://fontfabrik.com
false
unknown
http://www.founder.com.cn/cn
false
unknown
https://api.telegram.org4
false
unknown
http://www.fontbureau.com/designers/frere-jones.html
false
unknown
http://www.jiyu-kobo.co.jp/
false
unknown
http://dv3SXfHRU1tFUjfcDW.net
false
unknown
http://www.galapagosdesign.com/DPlease
false
unknown
http://www.fontbureau.com/designers8
false
unknown
http://www.fonts.com
false
unknown
http://www.sandoll.co.kr
false
unknown
http://www.urwpp.deDPlease
false
unknown
http://www.zhongyicts.com.cn
false
unknown
http://api.telegram.org
false
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
false
unknown
http://www.sakkal.com
false
unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
false
unknown
http://UEYOBD.com
false
unknown
Tries to steal Mail credentials (via file / registry access)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Multi AV Scanner detection for submitted file
Tries to harvest and steal ftp login credentials
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Telegram RAT
Yara detected AgentTesla
Uses the Telegram API (likely for C&C communication)
Yara detected AntiVM3
Machine Learning detection for sample
Yara detected Generic Downloader
.NET source code contains very large array initializations
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Snort IDS alert for network traffic
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)