General
Target: tas0v3FvZSBpyH2.exe
Size: 676KB
Sample: 201109-zy2hdtrb5j
MD5: 557353bdbd122177a75fe9b79e5b4242
SHA1: 5815cf11845fb0eac0634fe7422b27f6f51163f5
SHA256: 3347f2ee195495a012ed7553481c88da56ff417f428598706c8d629dad11fe51
SHA512: e7eb2ae7db03555fdf1c800305bc060fc07e6d9667910a9a022cc10f40e6d3edf901b7f4903799706b43566977e2e1f62e971109ffe84c9398f3f11beea10b74
Behavioral task: behavioral1
Sample: tas0v3FvZSBpyH2.exe
Resource: win7v20201028

Malware Config
Extracted: lokibot
- http://skull3.ga/martins27/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: tas0v3FvZSBpyH2.exe
Size: 676KB
MD5: 557353bdbd122177a75fe9b79e5b4242
SHA1: 5815cf11845fb0eac0634fe7422b27f6f51163f5
SHA256: 3347f2ee195495a012ed7553481c88da56ff417f428598706c8d629dad11fe51
SHA512: e7eb2ae7db03555fdf1c800305bc060fc07e6d9667910a9a022cc10f40e6d3edf901b7f4903799706b43566977e2e1f62e971109ffe84c9398f3f11beea10b74
Signatures
- CoreEntity .NET Packer: a .NET packer, CoreEntity, that embeds the payload as a BitMap object which is later decrypted.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext