VMRay Analyzer Report for Sample #1004415
Generated by VMRay Analyzer 3.2.2
Network artifacts (DNS resolutions observed during analysis)

raw.githubusercontent.com
    resolved to: 151.101.12.133
    github.map.fastly.net is also listed as a resolution (the Fastly CNAME target for raw.githubusercontent.com)
u667503srd.ha004.t.justns.ru
    resolved to: 185.22.155.62
Process artifacts

Process 1: brjujs.exe, PID 4452 (a second identifier, 1376, is listed alongside; its field label was lost in extraction)
    Command line:      "C:\Users\FD1HVy\Desktop\brjujs.exe"
    Working directory: C:\Users\FD1HVy\Desktop\
    Image path:        c:\users\fd1hvy\desktop\brjujs.exe

Mutex created by process 1:
    "1668818982" (the report lists the creation twice)

Registry keys opened by process 1:
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
    HKEY_CURRENT_USER\Software\Valve\Steam
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion (listed twice; value read: ProductName)
Analyzed Sample #1004415 (Malware Artifacts)

Sample-ID: #1004415
Job-ID: #2809029
This sample was analyzed by VMRay Analyzer 3.2.2 on a Windows 10 Redstone 2 system.
VTI score: 100 (of 100), based on VTI database version 3.6
Metadata of Sample File #1004415

Submission-ID: #4520541
Filename (as submitted): 49a56e067a73bb6f553b8df8a354d3b3328b8fffb64a459a1e719d86df89a322exe
MD5:    70e863fb5753b95b4bb7d8c746ae4b94
SHA1:   40bdba0699a9e2b003f929717c14b5b3966ff9f4
SHA256: 49a56e067a73bb6f553b8df8a354d3b3328b8fffb64a459a1e719d86df89a322
Metadata of Analysis for Job-ID #2809029

Termination reason: All processes terminated
Unlabeled boolean fields as listed: False, True
Duration value as listed: 93.206 (field label lost in extraction; most likely the analysis duration in seconds)
VM configuration: win10_64_rs2, x86 64-bit, Windows 10 Redstone 2, build 10.0.15063.540 (f6f48955-5489-4b24-b4df-942361f0730d)
Analysis user account: FD1HVy (matches the working directory C:\Users\FD1HVy\Desktop\ seen in the process artifacts)
Analysis hostname: NQDPDE
VTI rule matches (VTI database version 3.6)

Anti Analysis, score 1/5: vmray_detect_analyzer_sandbox_by_patched_sleep
    Possibly trying to detect analyzer sandbox by checking for patched sleep. Summary: Tries to detect analyzer sandbox.
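The check behind this rule is a timing comparison: sandboxes commonly shorten or skip Sleep() calls so that a delayed payload detonates inside the analysis window, and a sample can notice that by timing its own sleep against an independent clock. The following is an added illustration of that technique; it is not code from the analyzed sample or from VMRay. The function name, the parameterised sleep routine (so a hooked sleep can be simulated without patching anything) and the 50% tolerance are this example's own choices.

```python
"""Illustration of a 'patched sleep' sandbox check (added example, not sample code)."""
import time
from typing import Callable


def sleep_was_patched(requested_s: float,
                      sleep_fn: Callable[[float], None] = time.sleep,
                      tolerance: float = 0.5) -> bool:
    """Return True when sleep_fn returned materially earlier than requested.

    The monotonic clock is the reference. A sandbox that hooks only the sleep
    routine, but not the clock source, produces a short elapsed time and is
    flagged. A sandbox that also warps the clock passes this check, which is
    why real samples combine several timing sources (tick count, RDTSC, NTP).
    """
    start = time.monotonic()
    sleep_fn(requested_s)
    elapsed = time.monotonic() - start
    return elapsed < requested_s * tolerance


def fake_patched_sleep(_seconds: float) -> None:
    """Simulates a sandbox hook that skips the sleep entirely (constructed)."""
    return None


def fake_accelerated_sleep(seconds: float) -> None:
    """Simulates a sandbox hook that sleeps a tenth of the requested time (constructed)."""
    time.sleep(seconds / 10)


if __name__ == "__main__":
    print("real sleep flagged:       ", sleep_was_patched(0.2))
    print("skipped sleep flagged:    ", sleep_was_patched(0.2, fake_patched_sleep))
    print("accelerated sleep flagged:", sleep_was_patched(0.2, fake_accelerated_sleep))
```

Seen from the defender's side, the rule fires on the comparison itself, not on the sleep: a sample that sleeps and then reads a clock it did not obtain from the same API is behaving unlike ordinary software, which is why the match carries only a 1/5 score on its own.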
Mutex, score 1/5: vmray_create_named_mutex
    Creates mutex with name "1668818982". Summary: Creates mutex.

Anti Analysis, score 2/5: vmray_detect_generic_vm_by_file
    Tries to detect "VirtualBox" via file "c:\windows\system32\vboxservice.exe". Summary: Tries to detect virtual machine.

Discovery, score 1/5: vmray_recon_app_data_by_registry
    Tries to gather information about application "Mozilla Firefox" by registry. Summary: Possibly does reconnaissance.

Discovery, score 1/5: vmray_recon_app_data_by_file
    Tries to gather information about application "Mozilla Firefox" by file. Summary: Possibly does reconnaissance.

Data Collection, score 2/5: vmray_read_other_app_creds_by_file
    Trying to read sensitive data of application "Pidgin" by file. Summary: Reads sensitive application data.

Discovery, score 1/5: vmray_recon_app_data_by_file
    Tries to gather information about application "Pidgin" by file. Summary: Possibly does reconnaissance.

Data Collection, score 2/5: vmray_read_ftp_creds_by_file
    Trying to read sensitive data of ftp application "FileZilla" by file. Summary: Reads sensitive ftp data.

Discovery, score 1/5: vmray_recon_app_data_by_file
    Tries to gather information about application "FileZilla" by file. Summary: Possibly does reconnaissance.

Data Collection, score 2/5: vmray_read_browser_creds_by_file
    Trying to read sensitive data of web browser "Google Chrome" by file. Summary: Reads sensitive browser data.

Discovery, score 1/5: vmray_recon_app_data_by_registry
    Tries to gather information about application "Steam" by registry. Summary: Possibly does reconnaissance.

Discovery, score 0/5: vmray_enumerate_processes
    Enumerates running processes. Summary: Enumerates running processes.

Data Collection, score 2/5: vmray_read_vaulted_ie_creds_by_api
    Trying to read credentials of web browser "Internet Explorer" by reading from the system's credential vault. Summary: Reads sensitive browser data.

Antivirus, score 5/5: vmray_av_malicious_match
    Local AV detected the sample itself as "Gen:Variant.Razy.680355". Summary: Malicious content was detected by heuristic scan.

Network Connection, score 1/5: vmray_establish_http_connection
    URL "raw.githubusercontent.com/fkarelli/fjrusbftnf/master/nyun.txt". Summary: Connects to HTTP server.

Network Connection, score 1/5: vmray_establish_http_connection
    URL "u667503srd.ha004.t.justns.ru/collect.php". Summary: Connects to HTTP server.

Data Collection, score 4/5: vmray_meta_classify_spyware_for_excessive_infosteal
    Tries to read sensitive data of: FileZilla, Google Chrome, Internet Explorer, Pidgin. Summary: Exhibits Spyware behavior.
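A triage script that turns the VTI matches above into an IOC set and reproduces the meta-classification, as an added example that is not part of the report and not VMRay code. The match list is transcribed from this report; the regexes, the "three or more distinct applications" spyware threshold (the real meta-rule's threshold is not stated on the page) and the treatment of raw.githubusercontent.com as shared hosting that should be blocked by full URL rather than by host are this example's own assumptions.

```python
"""Triage helper for the VTI match list of this report (added example, not VMRay code)."""
import re
from collections import defaultdict

# (category, score, rule, description) transcribed from the report above.
VTI_MATCHES = [
    ("Anti Analysis", 1, "vmray_detect_analyzer_sandbox_by_patched_sleep",
     "Possibly trying to detect analyzer sandbox by checking for patched sleep."),
    ("Mutex", 1, "vmray_create_named_mutex", 'Creates mutex with name "1668818982".'),
    ("Anti Analysis", 2, "vmray_detect_generic_vm_by_file",
     'Tries to detect "VirtualBox" via file "c:\\windows\\system32\\vboxservice.exe".'),
    ("Discovery", 1, "vmray_recon_app_data_by_registry",
     'Tries to gather information about application "Mozilla Firefox" by registry.'),
    ("Discovery", 1, "vmray_recon_app_data_by_file",
     'Tries to gather information about application "Mozilla Firefox" by file.'),
    ("Data Collection", 2, "vmray_read_other_app_creds_by_file",
     'Trying to read sensitive data of application "Pidgin" by file.'),
    ("Discovery", 1, "vmray_recon_app_data_by_file",
     'Tries to gather information about application "Pidgin" by file.'),
    ("Data Collection", 2, "vmray_read_ftp_creds_by_file",
     'Trying to read sensitive data of ftp application "FileZilla" by file.'),
    ("Discovery", 1, "vmray_recon_app_data_by_file",
     'Tries to gather information about application "FileZilla" by file.'),
    ("Data Collection", 2, "vmray_read_browser_creds_by_file",
     'Trying to read sensitive data of web browser "Google Chrome" by file.'),
    ("Discovery", 1, "vmray_recon_app_data_by_registry",
     'Tries to gather information about application "Steam" by registry.'),
    ("Discovery", 0, "vmray_enumerate_processes", "Enumerates running processes."),
    ("Data Collection", 2, "vmray_read_vaulted_ie_creds_by_api",
     'Trying to read credentials of web browser "Internet Explorer" by reading from the system\'s credential vault.'),
    ("Antivirus", 5, "vmray_av_malicious_match",
     'Local AV detected the sample itself as "Gen:Variant.Razy.680355".'),
    ("Network Connection", 1, "vmray_establish_http_connection",
     'URL "raw.githubusercontent.com/fkarelli/fjrusbftnf/master/nyun.txt".'),
    ("Network Connection", 1, "vmray_establish_http_connection",
     'URL "u667503srd.ha004.t.justns.ru/collect.php".'),
]

CRED_READ_RE = re.compile(r'read (?:sensitive data|credentials) of (?:\w+ )*?"([^"]+)"')
URL_RE = re.compile(r'URL "([^"]+)"')
MUTEX_RE = re.compile(r'mutex with name "([^"]+)"')
SPYWARE_MIN_APPS = 3                               # assumed threshold, not VMRay's
SHARED_HOSTING = {"raw.githubusercontent.com"}     # legitimate infra: block by URL, not host


def targeted_applications(matches=VTI_MATCHES):
    """Applications whose stored secrets were read (Data Collection read rules only;
    the Discovery recon matches for Firefox and Steam deliberately do not count)."""
    apps = set()
    for cat, _score, rule, desc in matches:
        if cat == "Data Collection" and rule.startswith("vmray_read_"):
            m = CRED_READ_RE.search(desc)
            if m:
                apps.add(m.group(1))
    return sorted(apps)


def classify_spyware(matches=VTI_MATCHES):
    """Mirror of the meta-rule: spyware when enough distinct applications are targeted."""
    apps = targeted_applications(matches)
    return len(apps) >= SPYWARE_MIN_APPS, apps


def score_by_category(matches=VTI_MATCHES):
    """Highest individual VTI score observed per category."""
    best = defaultdict(int)
    for cat, score, _rule, _desc in matches:
        best[cat] = max(best[cat], score)
    return dict(best)


def defang(indicator):
    return indicator.replace("http", "hxxp").replace(".", "[.]")


def network_iocs(matches=VTI_MATCHES):
    """Return (hosts safe to block outright, full URLs) as defanged indicators."""
    hosts, urls = [], []
    for cat, _score, _rule, desc in matches:
        m = URL_RE.search(desc) if cat == "Network Connection" else None
        if not m:
            continue
        url = m.group(1)
        host = url.split("/", 1)[0]
        urls.append(defang(url))
        if host not in SHARED_HOSTING:
            hosts.append(defang(host))
    return hosts, urls


def mutex_iocs(matches=VTI_MATCHES):
    return [m.group(1) for _c, _s, _r, d in matches for m in [MUTEX_RE.search(d)] if m]


if __name__ == "__main__":
    is_spyware, apps = classify_spyware()
    print("spyware:", is_spyware, "targets:", apps)
    print("max score per category:", score_by_category())
    print("block hosts / URLs:", network_iocs())
    print("mutexes:", mutex_iocs())
```

The split in network_iocs matters operationally: 151.101.12.133 is a Fastly edge serving all of raw.githubusercontent.com, so the GitHub fetch should be handled as a URL (and as a hunting query for the path) while the justns.ru host and its address 185.22.155.62 can be blocked outright. The mutex name and the four targeted applications are host-side indicators for endpoint hunting.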