General
-
Target
herm.exe
-
Size
381KB
-
Sample
201120-7enyjdmjr6
-
MD5
853bc175953f241b72cb2dfae9350178
-
SHA1
528fa064b018c1493716375db8ac4b24f755ae6b
-
SHA256
511cb0df6dcc428a2235369ac641d147047dce490afb2fbf4ebd2fbf35e87f5a
-
SHA512
4afbbf5c727ab9ca05ede1a562bb2b414019f1d0e031d75fd8d863608e171dc24bf635ce491b86649aaef14729493c51189b5a359ccf096c205db0219cce962b
Static task
static1
Behavioral task
behavioral1
Sample
herm.exe
Resource
win7v20201028
Malware Config
Extracted
lokibot
http://crestmart.ga/main/config/herm/temp.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
herm.exe
-
Loads dropped DLL
-