General
Target: gunzipped.exe
Size: 518KB
Sample: 210623-9p2d8dwnxa
MD5: fc0199d22b504b1a551d5d0e1474fd4c
SHA1: 04607145bfc8fafb8413e969593a65e2ed86a485
SHA256: 0d9b5c176c7db0c067711afadce4630e5be2671d9f9431d5291e702d0b4cabad
SHA512: f4ada22cdc2acdad31e17fe99eab1edfd76364c7d00197809a2418df2e7a193703dca1e42007e3daa8e94e9c90c5edd816aac92bab900f6a4d85b85a98cfb719
Static task: static1
Behavioral task: behavioral1
Sample: gunzipped.exe
Resource: win7v20210410
Malware Config
Extracted
lokibot
http://63.141.228.141/32.php/fn1ToJTMzu3Td
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
https://www.tepevizyon.com.tr/xx/Panel/fre.php
Targets
Target
gunzipped.exe
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext