Sample details: 7ce778fe9e25baab25c7837056cc17a3

Hashes
MD5: 7ce778fe9e25baab25c7837056cc17a3
SHA1: 8c803eb7147c288d306b4bdc799f48671248240d
SHA256: 28a1d5ce188b6285595598b6c51e21aee6a0bcb342f3605b219a80aadaee7a66
SSDEEP: 96:lKO6mLB8ckJvThgcnEu9QTSsEStwhqsuqj3G7y1DevROTvTv/ju92lImwoGdIkpx:lKO6mLivTS2KSysjrfHNlIawpSY
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsConsole | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10065.malware
http://52.161.26.253/10260.malware
http://52.161.26.253/10265.malware
Strings