OMHGCG.exe

Status: finished
Submission Time: 2022-11-30 00:44:08 +01:00
Malicious
Trojan
Evader
LodaRAT

Comments

Tags

  • exe
  • LodaRat

Details

  • Analysis ID:
    756309
  • API (Web) ID:
    1123585
  • Analysis Started:
    2022-11-30 00:44:09 +01:00
  • Analysis Finished:
    2022-11-30 00:53:00 +01:00
  • MD5:
    fae47086c34007307f6e2cd0c47a97d8
  • SHA1:
    00caba8b2c7d23a2acc78f54155db976d902f2c4
  • SHA256:
    00973673a54cfd2a206c7695fa86077d1a1803629d7207b1e5fb295255a25ae2
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
96/100

malicious
40/72

malicious
30/40

malicious

IPs

IP              Country  Detection
197.42.186.178  Egypt

Domains

Name                 IP              Detection
test202022.ddns.net  197.42.186.178

URLs

Name Detection
http://www.autoitscript.com/autoit3/files/beta/autoit/archive/sqlite/SQLite3
http://www.autoitscript.com/autoit3/files/beta/autoit/archive/sqlite/SQLite3%%
http://checkip.amazonaws.com/D
http://www.autoitscript.com/autoit3/files/beta/autoit/archive/sqlite/SQLite3GK
http://ip-score.com/checkip/
http://checkip.amazonaws.com/
http://www.autoitscript.com/autoit3/files/beta/autoit/archive/sqlite/SQLite3D

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\Windata\update.exe
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZFZRCN.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Wed Nov 30 07:45:52 2022, mtime=Wed Nov 30 07:45:53 2022, atime=Wed Nov 30 07:45:53 2022, length=808241, (…)