9542c4da...9ff2 | IOCs
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Dropper, Backdoor

laafdy.exe

Windows Exe (x86-32)

Created at 2019-04-10T11:54:00

...

Indicators

File (8)
»
Filename Hash Operations Source
AboveLockAppHost.exe - Access
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setx.url MD5: a635d51b90fc12c47dd74b2126c73a83
SHA1: 208591acfec3c5235865395317a5cc2cab9416bd
SHA256: 853ee679a046ef13c6b18fcc601e99e5fcb3ae3d738235d6382f37404745f5c5
SSDeep: 3:HRAbABGQVuOEwREaKC5KkZzIdktXNn:HRYF5OxiaZ5K0ICN
ImpHash: None 		Access, Write Dropped File
C:\Users\FD1HVy\AppData\Roaming\phoneactivate - Access
C:\Users\FD1HVy\AppData\Roaming\phoneactivate\AboveLockAppHost.exe MD5: 6d6a9da3ed1f72ed583f4c62373d9530
SHA1: 71961de25ea0d1f47ebfa33382a2db054f193b94
SHA256: 99a1b0fecaeef1933f737c9a8eccf5e05e91ed1aeba46ac9eac2dc7863ca88c5
SSDeep: 24576:KCdxte/80jYLT3U1jfsWagtD3Y37V7bLMKixQaR:Lw80cTsjkWag+79b4Kxg
ImpHash: afcdf79be1557326c854b6e20cb900a7 		Access, Write Dropped File
C:\Users\FD1HVy\AppData\Roaming\phoneactivate\setx.vbs MD5: f674e1b3b514a8f401d779ae26147e6b
SHA1: 4822751d6b452261ad539813f99756c4dbf882b6
SHA256: 0a89f1b05c990f5fceaab56d385f8092cbd7960399a31e68f5423ef49cbf0003
SSDeep: 3:jaPcYoncIQBHoEwREaKC5KkZzIdktXNHn:jk+cjIxiaZ5K0IC1
ImpHash: None 		Access, Write Dropped File
C:\Users\FD1HVy\Desktop\laafdy.exe MD5: b6ebd9021bce7665ac01a1614ef6b7e6
SHA1: 81109eef625dec849e60d61f8e17dc8b7d893246
SHA256: 9542c4da58ef85804bd1240ed67bef02f5d5bca0b0084a074a3575894d929ff2
SSDeep: 24576:KCdxte/80jYLT3U1jfsWagtD3Y37V7bLMKixQaZ:Lw80cTsjkWag+79b4KxM
ImpHash: None 		Access, Read Sample File
C:\Users\FD1HVy\Desktop\laafdy.exe:Zone.Identifier - Access
phoneactivate - Access
Registry (9)
»
Registry Key Name Operations
HKEY_CURRENT_USER\Control Panel\Mouse Access
HKEY_CURRENT_USER\Control Panel\Mouse\SwapMouseButtons Read
HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt Access
HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\ Access
HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\\licence Write
HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\\name Read
HKEY_CURRENT_USER\Software\Net123432asdds-QHTWEM\\override Read
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName Read
Mutex (2)
»
Mutex Name Operations
Net123432asdds-QHTWEM Access
PnPUnattend Access
Domain (1)
»
Domain Sources
micxrus.ru PCAP, Function Log
IP (1)
»
IP Protocols Sources
194.5.98.89 DNS, TCP PCAP, Function Log
Export to TXT Export to JSON
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image