General
Target: 9d5a4507ca16ca47315c7b7f58279cf23bbb9ffda2340367130d1d5b2d00740e.exe
Size: 541KB
Sample: 210503-g6aawmfdc2
MD5: 7e1096d0fedac6c88a4f58eefcf1e92b
SHA1: fd6292bbb0286425e6be104b2156b173261ac740
SHA256: 9d5a4507ca16ca47315c7b7f58279cf23bbb9ffda2340367130d1d5b2d00740e
SHA512: b32d13ce536e54dae40327557ddf6b215cc186b7dd60a423aaf7ab28d87cba2991ef95b898496b2ea1994ae1e6bb6a77bd8861564d849ba37837da29758dc14c
Static task: static1
Behavioral task: behavioral1
Sample: 9d5a4507ca16ca47315c7b7f58279cf23bbb9ffda2340367130d1d5b2d00740e.exe
Resource: win7v20210410
Malware Config
Extracted
lokibot
http://104.168.175.179/ghost2/panels/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 9d5a4507ca16ca47315c7b7f58279cf23bbb9ffda2340367130d1d5b2d00740e.exe
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator. Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Suspicious use of SetThreadContext