General
Target: gunzipped.exe
Size: 811KB
Sample: 210511-marwsnp7v2
MD5: 5c67d88f6e0d9a814ca812637c2355df
SHA1: 2cbc7f5c8dbe68e94755ffa33b3d53d7f0e2c439
SHA256: 7fe3cf53819cc62bd4c5812de2db482e05c0a77fbfb42413863c4967596458df
SHA512: 280b6e199bfb089ec1fab68d5da5395fa49227fe939f1e7d9741849216dc9ffd6f54f1777779ae59092601e4f909d71f6b3e56f62e33bfb7dd900561dc160be7
Static task: static1
Behavioral task: behavioral1
Sample: gunzipped.exe
Resource: win7v20210408
Malware Config
Extracted
lokibot
http://173.208.204.37/k.php/yefJbphgQgDjo
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: gunzipped.exe
Suspicious use of SetThreadContext