36.0.0 Rainbow Opal
IR
756310
CloudBasic
00:53:06
30/11/2022
INV.2022LB0362 FORM CO (2).exe
default.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
baed30aea51e6000571219633aa745b0
d7e3b155c00245a7f867dd2fb4c06cb7be6ec3f7
57520e51bb0820741b7883926800223886c491a8a5ddd517a49b0e2cc752fb18
Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Tries to steal Mail credentials (via file / registry access)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Multi AV Scanner detection for submitted file
Yara detected aPLib compressed binary
Tries to harvest and steal ftp login credentials
Malicious sample detected (through community Yara rule)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Machine Learning detection for sample
.NET source code contains potential unpacker
Yara detected Lokibot
C2 URLs / IPs found in malware configuration
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Tries to harvest and steal browser information (history, passwords, etc)
Snort IDS alert for network traffic