Sample details: 964e2ebce5b31f7cfd8af7b4277b3e75

Hashes
MD5: 964e2ebce5b31f7cfd8af7b4277b3e75
SHA1: a877c4f811a7d35aa4533400b338dfa66793f1bb
SHA256: 6addc6099433aa29013870ff0eed68dc04945c2b667a9e7dfe69aa3f60f7ee59
SSDEEP: 384:n82rvSFPZlH19GTXjdhDK5uujYcV6AUwJFZb:n8C6RPV9Ahe5fYcV6Dw9b
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
http://109.234.36.233/bot/Miner/bin/Release/LoaderBot.exe
http://109.234.36.233/bot/Miner/bin/Release/LoaderBot.exe