General
Target: 97e8e53c9ad758050c08da0cf14f7024dba1d7710b0f612f13d2b5a458dd13bb
Size: 185KB
Sample: 210623-ag45jhg1be
MD5: e079ebb471a7db52fa456af14440d58d
SHA1: a7c3b75d04dd91fb5b51d0786dab2a29455d1265
SHA256: 97e8e53c9ad758050c08da0cf14f7024dba1d7710b0f612f13d2b5a458dd13bb
SHA512: 7052b123151bdc3b3f8d8d5b8a6b89c88534eea65e256cbba42733c3f0643458b3f1ba9c5a6255083c8de1b3dc15e277d50ad6159a7c0c40ade834385aeaa6f4
Static task: static1
Behavioral task: behavioral1
Sample: 97e8e53c9ad758050c08da0cf14f7024dba1d7710b0f612f13d2b5a458dd13bb.exe
Resource: win7v20210410
Malware Config
Extracted
lokibot
http://63.141.228.141/32.php/5mGrB9x77E21g
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 97e8e53c9ad758050c08da0cf14f7024dba1d7710b0f612f13d2b5a458dd13bb
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext