General
Target: 5cd263243369cc7338a221f416328bf7c1be1d648ddf3485eaf6e7cbb0016149.exe
Size: 444KB
Sample: 210426-h4gh1lj52j
MD5: 55fa247362c8d44eb5c1aca6e671d894
SHA1: 71a8a5588dde3a595d1522e2f8aa5e8e328c57e7
SHA256: 5cd263243369cc7338a221f416328bf7c1be1d648ddf3485eaf6e7cbb0016149
SHA512: 831f882647c633261354ee9c29861c1b15af2ab8794ccd33425c36894df52a53cd919f81f28aef4dab08e152e1046536a2fb2e83dc3090ab9c680ea5f3c9bbbf
Static task: static1
Behavioral task: behavioral1
Sample: 5cd263243369cc7338a221f416328bf7c1be1d648ddf3485eaf6e7cbb0016149.exe
Resource: win7v20210410
Malware Config
Extracted
lokibot
http://104.168.213.88/ghost1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 5cd263243369cc7338a221f416328bf7c1be1d648ddf3485eaf6e7cbb0016149.exe
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Suspicious use of SetThreadContext