General
-
Target
Samples.exe
-
Size
185KB
-
Sample
210623-bb1ekhkhne
-
MD5
e079ebb471a7db52fa456af14440d58d
-
SHA1
a7c3b75d04dd91fb5b51d0786dab2a29455d1265
-
SHA256
97e8e53c9ad758050c08da0cf14f7024dba1d7710b0f612f13d2b5a458dd13bb
-
SHA512
7052b123151bdc3b3f8d8d5b8a6b89c88534eea65e256cbba42733c3f0643458b3f1ba9c5a6255083c8de1b3dc15e277d50ad6159a7c0c40ade834385aeaa6f4
Malware Config
Extracted
lokibot
http://63.141.228.141/32.php/5mGrB9x77E21g
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Samples.exe
-
Size
185KB
-
MD5
e079ebb471a7db52fa456af14440d58d
-
SHA1
a7c3b75d04dd91fb5b51d0786dab2a29455d1265
-
SHA256
97e8e53c9ad758050c08da0cf14f7024dba1d7710b0f612f13d2b5a458dd13bb
-
SHA512
7052b123151bdc3b3f8d8d5b8a6b89c88534eea65e256cbba42733c3f0643458b3f1ba9c5a6255083c8de1b3dc15e277d50ad6159a7c0c40ade834385aeaa6f4
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-