
ORDINE + DDT A.M.F SpA.exe

Status: finished
Submission Time: 2021-11-25 10:37:16 +01:00
Malicious
Trojan
Evader
Spyware
GuLoader, GuLoader Lokibot

Comments

Tags

  • exe
  • guloader

Details

  • Analysis ID:
    528460
  • API (Web) ID:
    895988
  • Analysis Started:
    2021-11-25 10:37:18 +01:00
  • Analysis Finished:
    2021-11-25 10:59:14 +01:00
  • MD5:
    f5423b7a89876044078cbb68db883af8
  • SHA1:
    24c550c47d26090f298fea030d7fb890c94737a5
  • SHA256:
    68a315123349444d30fed12643a7be20eb003531a4b95d0db800fb765449037d
  • Technologies:

Joe Sandbox

  • Detection: malicious (Score: 76)
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • Detection: malicious (Score: 100)
    System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
    Run Condition: Suspected Instruction Hammering

Third Party Analysis Engines

  • Detection: malicious (Score: 14/65)
  • Detection: malicious

IPs

IP / Country / Detection
  • 176.223.209.128 (United Kingdom)
  • 197.242.150.64 (South Africa)

Domains

Name / IP / Detection
  • farmanat.ro (176.223.209.128)
  • fabricraft.co.za (197.242.150.64)

URLs

Name / Detection
  • http://farmanat.ro/arman30/five/fre.php
  • https://farmanat.ro/arman30/five/fre.php
  • http://schemas.xmlsoap.org/wsdl/soap12/P
  • https://fabricraft.co.za/Farmant_hhVNwJna195.bin
  • https://fabricraft.co.za/Farmant_hhVNwJna195.binc
  • http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
  • http://docs.oasis-open.org/ws-sx/ws-trust/200512
  • https://fabricraft.co.za/Farmant_hhVNwJna195.binws;
  • http://schemas.xmlsoap.org/ws/2005/02/trust
  • http://www.msn.com
  • http://www.live.com
  • http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
  • http://schemas.xmlsoap.org/wsdl/
  • https://fabricraft.co.za/.
  • http://schemas.xmlsoap.org/wsdl/soap12/
  • http://schemas.xmlsoap.org/wsdl/erties
  • http://schemas.xmlsoap.org/ws/2004/09/policy
  • http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
  • https://fabricraft.co.za/Farmant_hhVNwJna195.binn
  • https://fabricraft.co.za/

Dropped files

Name / File Type / Hashes / Detection
  • C:\Users\user\AppData\Local\Microsoft\Credentials\93CE54EBD72B5E2187F75E8118A14612_dec
    File Type: data
  • C:\Users\user\AppData\Local\Temp\~DFBA8B24485FEA2BF0.TMP
    File Type: Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.hdb
    File Type: ISO-8859 text, with no line terminators
  • C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.lck
    File Type: very short file (no magic)
  • C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6eb
    File Type: data