General
Target: winlog.exe
Size: 663KB
Sample: 210227-jn93jwva7n
MD5: 360437b30bd9db4fa30bb9399d712948
SHA1: 960a2bcc3e85637ba561a72c6edc31078f184564
SHA256: 41c7c097e85a0c9ee40d1d92cd47bfff9fdb5752532a21e15c142fa3591eb7b3
SHA512: e7b95462a2e4e72805a2597655443d6a0fca905ec66d8a1214b5fddf469d4d085f877bf32683f70f4485a64d63e8bcc1fdd21a6a9e4c5095aacdbaf0e2762bcc
Static task: static1
Behavioral task: behavioral1
Sample: winlog.exe
Resource: win7v20201028
Malware Config
Extracted
lokibot
http://or-logistlcs.com/zoro/zoro2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: winlog.exe
Suspicious use of SetThreadContext