General
Target
Aiqamyjeu2.exe
Size
611KB
Sample
201204-qd5j9hn6ej
MD5
af6956c3441b679ff98850c499c3c45e
SHA1
de44a12ab89fbecfa350ce21d679c0c04cbe64b2
SHA256
0c7b624462f4f6adc240631b4c6f0ff2b2af456b2d86880716e744d943f10b29
SHA512
0b7cd09d545b703a743c10882e446d2572925d56b3a947480107d6ebc8d6607d527a4898d9eb6dea643a9d969bf5d2da77d65c6778aa8c4bfe2dd532f48b5265
Static task
static1
Behavioral task
behavioral1
Sample
Aiqamyjeu2.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Aiqamyjeu2.exe
Resource
win10v20201028
Malware Config
Extracted
lokibot
http://185.239.242.195/os/2b/cgi.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Aiqamyjeu2.exe
Score
10/10
Adds Run key to start application
Suspicious use of SetThreadContext