General
Target: kayo.exe
Size: 29KB
Sample: 210408-14t55fcnxe
MD5: 7b9af96c1828d52a8d6380b02ef72c18
SHA1: 28a32a49f3d857ba4e869901e85328b2fa2cdc10
SHA256: 7aeaa9cbabc54c36844d5852172c449865bf4c524693ae7aa9909b87627052fa
SHA512: c50ed68634623a85754c32b79ee3a264b327892867e21888b6d9d14b2ef57a2782fa588446b650c29ba0b795dc1291546c40aea27fb5ec8d85ff9226bc87e04f
Static task: static1
Behavioral task: behavioral1
Sample: kayo.exe
Resource: win7v20201028
Malware Config
Extracted
lokibot
http://amrp.tw/kayo/gate.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: kayo.exe
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext