General
Target: PO-4147074_pdf.ace
Size: 668KB
Sample: 210421-mcgzwsad7x
MD5: d181c261d57a6352733a68c37ec63472
SHA1: 14415af946546b03da77cd1f9931d47a91205269
SHA256: 141bb53e82f9d6e5e6707ee5305cef2b55ec1ae8ab0344e01dea7bdbea8c4d58
SHA512: 18cbe1a56926561b76a4e207decf404fd885470ce399c3b57513480a5e4f6d1dc4728ac125edd34ec53ebab7fcf2167338d5964c06c464878f675b6ee86187f8

Static task: static1
Behavioral task: behavioral1
Sample: PO-4147074_pdf.exe
Resource: win7v20210408

Malware Config
Extracted: lokibot
http://51.195.53.221/p.php/7MPTLmOD4nAsj
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php

Targets
Target: PO-4147074_pdf.exe
Size: 690KB
MD5: 44843dd3330a3965f49c9be7f174858e
SHA1: e07a307359ecfe63e6dd16c8c31aee4552822300
SHA256: 3a034fa5c2fe8254340a6d7fd68887fb925d0d4804758d60e87aac56e737cfa8
SHA512: efdd3f775d4a3fe198130a0c52e3b994bb7198781a49d410ebb7a49b6ec9d8ad2aeed5c0e3ffa02477814658390bb6a5e1e7eff95c74b5b9ddcfa42ce990e81a

- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext