General
Target: po.exe
Size: 535KB
Sample: 210503-kf9fsneacs
MD5: 6c0c7128e3673edf9a8fb128a45a319e
SHA1: 1f70c7daa4b2bee51f7a5e2a7315a8c54b606700
SHA256: 81c772e7c3443e928084c9c25b4b7a31002dbac9c4c977eeace73dd721243317
SHA512: fea221bf11629ba5cb44be79a9cd6fbefdc22aa25d98187f6b2d3a4bb0d50db9c24cab93f85c00d9cc3a3e3affe22d2acb16282bcdb9fc913ea757cd97dd5c6d
Static task
static1
Malware Config
Extracted
lokibot
http://104.168.175.179/ghost2/panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Suspicious use of SetThreadContext