General
Target: dc475e00d9bc4e94ab1d528a5540e67d.exe
Size: 371KB
Sample: 200909-bbjtzrcgee
MD5: dc475e00d9bc4e94ab1d528a5540e67d
SHA1: 348dbddf7b7c0488f25afb5c8f0ec312f7813fee
SHA256: bc36c8d0ca400dd8e12f7d5af0569c24f549305697b46804fa700edf573884fb
SHA512: c992aa79f057e9169b259cabe3ede64fba606f7434e496cc0c910211a5f8ba0cb67784a6a14827bd67ceb3897156add1ce2a59a00cad8e9a24e24a210f118486
Static task: static1
Behavioral task: behavioral1
Sample: dc475e00d9bc4e94ab1d528a5540e67d.exe
Resource: win7v200722
Malware Config
Extracted: lokibot
C2 URLs:
http://joovy.ga/webxpo/gate.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: dc475e00d9bc4e94ab1d528a5540e67d.exe
- Modifies firewall policy service
- Blacklisted process makes network request
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger