General
Target: e63e3587e1c98a2512669f1a8a31c594f18eb8087e9ff413cba99e849315566a.exe
Size: 136KB
Sample: 210419-8yfr1cryxj
MD5: 888dc51206a6512e8aa6cb60a7012029
SHA1: 8bf815c49cf4a369bbdf6a8cedcf893c0c634d47
SHA256: e63e3587e1c98a2512669f1a8a31c594f18eb8087e9ff413cba99e849315566a
SHA512: 5d913afd3f61e33d0e37fac4aeaf1506af072d501d8b6c9f1bb4385399e2e3d312b338ebebd6332f74f48ae183469321b63db8d495cec0ff9a05bb24fa10fb4d
Static task: static1
Behavioral task: behavioral1
Sample: e63e3587e1c98a2512669f1a8a31c594f18eb8087e9ff413cba99e849315566a.exe
Resource: win7v20210410
Malware Config
Extracted family: lokibot
Extracted C2 URLs:
Targets
Target: e63e3587e1c98a2512669f1a8a31c594f18eb8087e9ff413cba99e849315566a.exe
- Guloader Payload
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext