General
Target: Twvaedwzfyck1.exe
Size: 604KB
Sample: 201204-n3zrw41xhj
MD5: 5e90cbe0ca793c5f2f41b38efd18e063
SHA1: 82cb121be4fe27f2c686eb2491f068e8577f5de7
SHA256: 4930505aa3f93d1a2208358ebe555b87c16222da150fd728c2a92f1d0dcf774f
SHA512: 302d6401959105e5009fc585002bf0a950d50e397a42ed8e15be82376b57897ab2d741e1df591c9e7fa32e8bc5aad7a08fa3fa6f62fcfec0cb16d996c645398e
Static task: static1
Behavioral task: behavioral1
  Sample: Twvaedwzfyck1.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Twvaedwzfyck1.exe
  Resource: win10v20201028
Malware Config
Extracted
lokibot
http://185.239.242.195/po1/1/cgi.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Twvaedwzfyck1.exe
Score: 10/10
Adds Run key to start application
Suspicious use of SetThreadContext