flash

PO-A2174679-06.exe

Status: finished
Submission Time: 23.02.2021 08:37:28
Malicious
Trojan
Spyware
Evader
GuLoader Lokibot

Comments

Tags

  • exe

Details

  • Analysis ID:
    356484
  • API (Web) ID:
    614950
  • Analysis Started:
    23.02.2021 08:47:07
  • Analysis Finished:
    23.02.2021 08:55:18
  • MD5:
    fdec289fb4626dd56bbb55770ae5f432
  • SHA1:
    1a1f324185e6114fb1362b00f27fe8009a202361
  • SHA256:
    eb53256b217e27a7ab0f71be2181599a79dc0569dea7fdbc5b32cf96a6bc9109
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports
New

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
11/68

IPs

IP Country Detection
192.185.78.145
United States

Domains

Name IP Detection
accessasia.com.hk
192.185.78.145
onedrive.live.com
0.0.0.0
hrf0ga.bn.files.1drv.com
0.0.0.0

URLs

Name Detection
http://accessasia.com.hk/ovation/five/fre.php
https://cdn.discordapp.com/attachments/813514912135380996/813514973141532722/ovation_byHOXsph232.bin
https://onedrive.live.com/n
Click to see the 4 hidden entries
https://onedrive.live.com/download?cid=B1076D30E2A6430F&resid=B1076D30E2A6430F%21110&authkey=AO3GCQa
https://onedrive.live.com/
https://hrf0ga.bn.files.1drv.com/
http://sinatrasmob.com/pro/ovation_byHOXsph232.bin

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
very short file (no magic)
#
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\89dad5d484a9f889a3a8dfca823edc3e_d06ed635-68f6-4e9a-955c-4899f5f57b9a
data
#