Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1545304
MD5: e2f4a20bf1778ddb6396f48f6f4a9a32
SHA1: 75d402e0a8645b0a33f93ed6a66f76fe22496987
SHA256: a76920b863ff403f08436950963f30333e7b9297d36f2cec8e26bd94d66c8f1a
Tags: exeuser-Bitsight

Detection

LummaC
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Uses 32bit PE files

Classification

Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: (none listed)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

AV Detection

Source: file.exe Malware Configuration Extractor: LummaC {"C2 url": ["contemteny.site", "goalyfeastz.site", "servicedny.site", "seallysl.site", "opposezmny.site", "authorisev.site", "dilemmadu.site", "faulteyotk.site"], "Build id": "2Zo0RN--PRIVATE"}
Source: file.exe ReversingLabs: Detection: 44%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 82.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: file.exe String decryptor: servicedny.site
Source: file.exe String decryptor: authorisev.site
Source: file.exe String decryptor: faulteyotk.site
Source: file.exe String decryptor: dilemmadu.site
Source: file.exe String decryptor: contemteny.site
Source: file.exe String decryptor: goalyfeastz.site
Source: file.exe String decryptor: opposezmny.site
Source: file.exe String decryptor: seallysl.site
Source: file.exe String decryptor: lid=%s&j=%s&ver=4.0
Source: file.exe String decryptor: TeslaBrowser/5.5
Source: file.exe String decryptor: - Screen Resoluton:
Source: file.exe String decryptor: - Physical Installed Memory:
Source: file.exe String decryptor: Workgroup: -
Source: file.exe String decryptor: 2Zo0RN--PRIVATE
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Malware configuration extractor URLs: contemteny.site
Source: Malware configuration extractor URLs: goalyfeastz.site
Source: Malware configuration extractor URLs: servicedny.site
Source: Malware configuration extractor URLs: seallysl.site
Source: Malware configuration extractor URLs: opposezmny.site
Source: Malware configuration extractor URLs: authorisev.site
Source: Malware configuration extractor URLs: dilemmadu.site
Source: Malware configuration extractor URLs: faulteyotk.site
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00585210 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 0_2_00585210
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005859B7 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt, 0_2_005859B7
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0056C2A0 appears 176 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0055C8C0 appears 71 times
Source: classification engine Classification label: mal84.troj.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00582088 CoCreateInstance, 0_2_00582088
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe API coverage: 4.9 %
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\file.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00590D90 LdrInitializeThunk, 0_2_00590D90

HIPS / PFW / Operating System Protection Evasion

Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: servicedny.site
Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: authorisev.site
Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: faulteyotk.site
Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: dilemmadu.site
Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: contemteny.site
Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: goalyfeastz.site
Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: opposezmny.site
Source: file.exe, 00000000.00000002.2929391953.0000000000596000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: seallysl.site

Stealing of Sensitive Information

Source: Yara match File source: decrypted.binstr, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: decrypted.binstr, type: MEMORYSTR
No contacted IP infos