General
-
Target
01e7b759fb1280b34a32c02b3c78d8c7dbe93d05a1755e2a33b4edf9b58ce974.exe
-
Size
1.1MB
-
Sample
210115-6axkawayt6
-
MD5
2e88f4a66ec353f345fea7605167323d
-
SHA1
52030b0f09e98e1f8012c962a4463f55d296c3ec
-
SHA256
01e7b759fb1280b34a32c02b3c78d8c7dbe93d05a1755e2a33b4edf9b58ce974
-
SHA512
355b682ea768e5380593766766e51c80947e0b8c68093769e6d1e1eec4e04530f8e79b62bf788dd3c2dab751420b029b4cabcca1d28263e08681be0fbaa67b64
Static task
static1
Behavioral task
behavioral1
Sample
01e7b759fb1280b34a32c02b3c78d8c7dbe93d05a1755e2a33b4edf9b58ce974.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
01e7b759fb1280b34a32c02b3c78d8c7dbe93d05a1755e2a33b4edf9b58ce974.exe
Resource
win10v20201028
Malware Config
Extracted
lokibot
http://185.206.215.56/morx/1/cgi.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
01e7b759fb1280b34a32c02b3c78d8c7dbe93d05a1755e2a33b4edf9b58ce974.exe
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-