General
Target: KAi3qCkCrMADbj2.exe
Size: 625KB
Sample: 210511-b63el78fzx
MD5: 534e325601d10023ace9461ad5051f74
SHA1: 45510f38a9ea49b6723b84084bb8aeccf5cd7bee
SHA256: 417a33c2d1b075159eb78934740620abac3e12b838b7d5c035fef9306f5a598f
SHA512: c027a28df0de321547ca2eff066421b1a0b9fa2412eae9791bd8a4d93c7103b233a7fb493fc2072aee7986905e6d109bd9e99f263b98f29736a75e38720e24e5
Static task: static1
Behavioral task: behavioral1
Sample: KAi3qCkCrMADbj2.exe
Resource: win7v20210408
Malware Config
Extracted
lokibot
http://173.208.204.37/k.php/7MPTLmOD4nAsj
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext