6e4cc242...41c9

Severity	Category	Operation	Classification
5/5	YARA	YARA match	Backdoor
Rule "Gh0stMiancha_1_0_0" from ruleset "Malware" has matched for "\Users\5p5NrGJn0jS HALPmcxz\Desktop\1.exe" ... VTI Actions Go to YARA match
4/5	Information Stealing	Reads application data	Spyware
Possibly trying to readout Filezilla credentials. ... VTI Actions Go to function call
Possibly trying to readout messenger credentials from libpurple. ... VTI Actions Go to function call
3/5	Browser	Reads data related to browser cookies	-
Reads Cookies for "Microsoft Internet Explorer". ... VTI Actions Go to function call
Accesses Cookies for "Microsoft Internet Explorer". ... VTI Actions Go to function call
Accesses Cookies for "Microsoft Edge". ... VTI Actions Go to function call
3/5	Information Stealing	Reads cryptocurrency wallet locations	Spyware
Reads the Monero wallet location. ... VTI Actions Go to function call
Reads the Bitcoin-qt wallet location. ... VTI Actions Go to function call
2/5	Anti Analysis	Resolves APIs dynamically to possibly evade static detection	-
Resolves an unusually high number of APIs. ... VTI Actions Go to function call
2/5	File System	Known suspicious file	Trojan
File "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1.exe" is a known suspicious file. ... VTI Actions Go to file details
2/5	Network	Associated with known malicious/suspicious URLs	-
URL "HTTP://workharder.club/index.php" is known as malicious URL. ... VTI Actions Go to function call
URL "workharder.club" is known as malicious URL. ... VTI Actions
1/5	Information Stealing	Reads system data	Spyware
Reads the cryptographic machine GUID from registry. ... VTI Actions Go to function call
Reads installed programms by enumerating uninstallers ... VTI Actions Go to function call
1/5	Process	Creates system object	-
Creates mutex with name "A6CF1546-B343A2EC-663D8DC8-8FF4A8C5-D82A11F69". ... VTI Actions Go to function call
1/5	Process	Creates process with hidden window	-
The process "C:\Windows\system32\cmd.exe" starts with hidden window. ... VTI Actions Go to function call
1/5	File System	Creates an unusually large number of files	-
Creates an unusually large number of files. ... VTI Actions Go to file details Go to function call
1/5	Network	Downloads data	Downloader
URL "HTTP://workharder.club/index.php". ... VTI Actions Go to function call
1/5	Network	Connects to HTTP server	-
URL "workharder.club/index.php". ... VTI Actions Go to function call
1/5	PE	Drops PE file	Dropper
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-multibyte-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-locale-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-heap-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-util-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-processenvironment-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-rtlsupport-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/msvcp140.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-debug-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-file-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-time-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/vcruntime140.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-synch-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-process-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-string-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/nssdbm3.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-processthreads-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-processthreads-l1-1-1.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/mozglue.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/freebl3.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-handle-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-private-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-localization-l1-2-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-stdio-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-utility-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-synch-l1-2-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-sysinfo-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-string-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-memory-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-profile-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-heap-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/nss3.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-convert-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-math-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-conio-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/softokn3.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-environment-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-file-l2-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-runtime-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-errorhandling-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-file-l1-2-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-datetime-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-timezone-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-interlocked-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-namedpipe-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-filesystem-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-libraryloader-l1-1-0.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/ucrtbase.dll". ... VTI Actions Go to file details Go to function call
Drops file "C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-console-l1-1-0.dll". ... VTI Actions Go to file details Go to function call

Notifications (1/1)

Before

After