ORDINE + DDT A.M.F SpA.exe

Status: finished
Submission Time: 25.11.2021 10:37:16
Malicious
Trojan
Evader
Spyware
GuLoader Lokibot

Tags

  • exe
  • guloader

Details

  • Analysis ID:
    528460
  • API (Web) ID:
    895988
  • Analysis Started:
    25.11.2021 10:37:18
  • Analysis Finished:
    25.11.2021 10:59:14
  • MD5:
    f5423b7a89876044078cbb68db883af8
  • SHA1:
    24c550c47d26090f298fea030d7fb890c94737a5
  • SHA256:
    68a315123349444d30fed12643a7be20eb003531a4b95d0db800fb765449037d

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
76/100

System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run Condition: Suspected Instruction Hammering

malicious
100/100

malicious
14/65

malicious

IPs

IP               Country
176.223.209.128  United Kingdom
197.242.150.64   South Africa

Domains

Name              IP
farmanat.ro       176.223.209.128
fabricraft.co.za  197.242.150.64

URLs


Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Credentials\93CE54EBD72B5E2187F75E8118A14612_dec
    File type: data
  • C:\Users\user\AppData\Local\Temp\~DFBA8B24485FEA2BF0.TMP
    File type: Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.hdb
    File type: ISO-8859 text, with no line terminators
  • C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.lck
    File type: very short file (no magic)
  • C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6eb
    File type: data