General
Target: BID INSTRUCTIONSCOMMERCIAL.exe
Size: 535KB
Sample: 210503-brqhceh2wn
MD5: 8bc942117444fafd1c484ba3c277d0b4
SHA1: c7277325b1b9a5b2500198c2074e62523cd3135b
SHA256: d4021060ba2ca5034165d5a2c735bdaa54bad25180ebf0f8e0c6d5f6af69e18e
SHA512: 8a2291d14da2e42f82e25414b9ac09c549ee1daa377bbbbdd61b276541a29fbe4a6a1cbf95673d8bb777ff66b9feb8b7a437a8555aa063b5af2732758158af41
Static task: static1
Behavioral task: behavioral1
Sample: BID INSTRUCTIONSCOMMERCIAL.exe
Resource: win7v20210410
Malware Config
Extracted
lokibot
http://104.168.175.179/ghost/panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
BID INSTRUCTIONSCOMMERCIAL.exe
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Suspicious use of SetThreadContext