General
Target: QP-0766.scr.exe
Size: 1012KB
Sample: 210113-l39sxnk1qa
MD5: 6f2f63ea2779ce7e0c6f7b662b3deeae
SHA1: 90407553e2142f7f6c73e22ebd8e147d00c0ddc5
SHA256: 3ec27e7b95a43db7d79fa8a011c09bd9bcb0ef97f5f114b0de2b471e4805fc9d
SHA512: fa639e204bfc141990a4089c04b8c8ffce3a85c584868365e7176b6b9a54058e0e6c4d85242cbecfea509c2907c5587f8e800b8378c2949e9bc258771e9d8168
Static task
static1
Behavioral task
behavioral1
Sample: QP-0766.scr.exe
Resource: win7v20201028
Behavioral task
behavioral2
Sample: QP-0766.scr.exe
Resource: win10v20201028
Malware Config
Extracted
lokibot
http://185.206.215.56/morx/1/cgi.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: QP-0766.scr.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext