General
-
Target
a2f517902067cb80e4115511d3c530a39fece06060e0569af7d197eaa7ea6ef5.exe
-
Size
444KB
-
Sample
210426-124jv1vmfx
-
MD5
75af2c38b49bb7a98e001725edf88559
-
SHA1
6f48f3e6d4d1c3d49a2f6a70fa707315ec9fcebc
-
SHA256
a2f517902067cb80e4115511d3c530a39fece06060e0569af7d197eaa7ea6ef5
-
SHA512
d8b603a8e4210d70898a8a6665667ebb5e35131e952078fa36f4bbd26cd0810d65639339f30b2b7406c61edd5876e3e581b467b3f1d203f30bfafa8ee1e6e377
Static task
static1
Behavioral task
behavioral1
Sample
a2f517902067cb80e4115511d3c530a39fece06060e0569af7d197eaa7ea6ef5.exe
Resource
win7v20210408
Malware Config
Extracted
lokibot
http://104.168.140.79/ghost/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
a2f517902067cb80e4115511d3c530a39fece06060e0569af7d197eaa7ea6ef5.exe
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-