Register Login

sloganpng

top title background image

OMHGCG.exe

Status: finished

Submission Time: 2022-11-30 00:44:08 +01:00

Malicious

Trojan

Evader

LodaRAT

Comments

Tags

Details

Analysis ID:
756309
API (Web) ID:
1123585
Analysis Started:

2022-11-30 00:44:09 +01:00
Analysis Finished:

2022-11-30 00:53:00 +01:00
MD5:
fae47086c34007307f6e2cd0c47a97d8
SHA1:
00caba8b2c7d23a2acc78f54155db976d902f2c4
SHA256:
00973673a54cfd2a206c7695fa86077d1a1803629d7207b1e5fb295255a25ae2
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 96	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 40/72

malicious

Score: 30/40

malicious

IPs

IP	Country	Detection
197.42.186.178	Egypt

Domains

Name	IP	Detection
test202022.ddns.net	197.42.186.178

URLs

Name	Detection
http://www.autoitscript.com/autoit3/files/beta/autoit/archive/sqlite/SQLite3
http://www.autoitscript.com/autoit3/files/beta/autoit/archive/sqlite/SQLite3%%
http://checkip.amazonaws.com/D
Click to see the 4 hidden entries
http://www.autoitscript.com/autoit3/files/beta/autoit/archive/sqlite/SQLite3GK
http://ip-score.com/checkip/
http://checkip.amazonaws.com/
http://www.autoitscript.com/autoit3/files/beta/autoit/archive/sqlite/SQLite3D

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Roaming\Windata\update.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZFZRCN.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Wed Nov 30 07:45:52 2022, mtime=Wed Nov 30 07:45:53 2022, atime=Wed Nov 30 07:45:53 2022, length=808241, (…)	#