General
Target: Project Documents.exe
Size: 443KB
Sample: 210426-jx3lfl82f2
MD5: 3a095701eca03dc0cf7396f0af13e809
SHA1: c6767c6097cfd0e12ad9f7118972db9038265345
SHA256: b54f1ceae1984382b373346f833a4f244abbe92476d3a2050a3150d3f43b1811
SHA512: c2c92bb834af70462ada972c156a427c1f22d17fbe3b8d5e5c543c074dd46670ade42584376c9ddffbd6b22e633f3749476123f446b51d521f9a8cfe8004a462
Static task: static1
Behavioral task: behavioral1
Sample: Project Documents.exe
Resource: win7v20210408
Malware Config
Extracted
lokibot
http://104.168.140.79/ghost/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Project Documents.exe
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Suspicious use of SetThreadContext