General
Target: No. ATOMYU14.21.jpg.exe (note the double extension: a PE masquerading as an image file)
Size: 185KB
Sample: 210623-v2sse1q4da
MD5: aa2bd93add61460d059367e41d89195c
SHA1: 9368ee245f899583bdc97ad8e13f4b02b09dbe38
SHA256: 7f347545daf832b84a0cb2d823af46e874cb7c69f436814c58355262e594c4d3
SHA512: 7701741099368b2cd3346bcc25aee27ee4a30036c94719a37b3dba22a86fab87b3b718aff7fa6f7c2375254fa0c99fd6b28f8e484f010e4f5d14057dcca083ff
Static task: static1
Behavioral task: behavioral1
Sample: No. ATOMYU14.21.jpg.exe
Resource: win7v20210410
Malware Config
Extracted: guloader (URL from which the loader fetches its next-stage payload)
https://onedrive.live.com/download?cid=1130B101447311D6&resid=1130B101447311D6%21110&authkey=AItUmaWbMyy7Wt4
Extracted: lokibot (C2 URLs; the four domain-based ones share the gate path /alien/fre.php)
http://63.141.228.141/32.php/NtbXO1knHRe3C
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
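The extracted URLs above are the actionable part of this report. The script below is an added example, not part of the sandbox output: it normalizes the GuLoader and LokiBot URLs into indicators, defangs them for sharing, and runs them over a few constructed proxy log lines. Two points it makes that the raw list does not: the GuLoader URL lives on a shared service (onedrive.live.com), so it is matched on the full URL rather than the host, and the repeated fre.php gate script is generalized into a low-confidence heuristic for POSTs to any */fre.php. The shared-hosting list, the log line format and the log lines themselves are assumptions of the example.

```python
"""Normalize, defang and match the GuLoader/LokiBot indicators from the report.

Added example for this report; not part of the sandbox output. The proxy log
lines below are constructed for illustration.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Indicators copied verbatim from the report's "Malware Config" section.
GULOADER_PAYLOAD_URLS = [
    "https://onedrive.live.com/download?cid=1130B101447311D6&resid=1130B101447311D6%21110&authkey=AItUmaWbMyy7Wt4",
]
LOKIBOT_C2_URLS = [
    "http://63.141.228.141/32.php/NtbXO1knHRe3C",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Hosts that belong to a legitimate shared service: matching on host alone would
# flag every OneDrive user, so these are matched on the full URL.
# (Assumption for this example; extend for your own environment.)
SHARED_HOSTING = {"onedrive.live.com"}

# Heuristic generalized from the report: all four domain-based LokiBot C2s use
# the same gate script, so a POST to any */fre.php earns a low-confidence hit.
LOKIBOT_GATE_SUFFIX = "/fre.php"


def parse_indicator(url, family):
    """Split a config URL into the fields the matching logic keys on."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # urlsplit already lower-cases the hostname
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "domain"
    return {"family": family, "url": url, "host": host, "kind": kind,
            "path": parts.path, "shared_hosting": host in SHARED_HOSTING}


def defang(url):
    """Render a URL so it cannot be clicked or auto-linked: hxxp:// and [.] in the host."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    host = (parts.hostname or "").replace(".", "[.]")
    netloc = host if parts.port is None else f"{host}:{parts.port}"
    rest = parts.path + ("?" + parts.query if parts.query else "")
    return f"{scheme}://{netloc}{rest}"


def build_indicators():
    return ([parse_indicator(u, "guloader") for u in GULOADER_PAYLOAD_URLS]
            + [parse_indicator(u, "lokibot") for u in LOKIBOT_C2_URLS])


# Constructed proxy log lines: "<timestamp> <client_ip> <method> <url> <status>".
LOG_LINES = [
    "2021-06-23T10:01:02Z 10.0.0.15 GET https://onedrive.live.com/download?cid=1130B101447311D6&resid=1130B101447311D6%21110&authkey=AItUmaWbMyy7Wt4 200",
    "2021-06-23T10:01:09Z 10.0.0.15 POST http://kbfvzoboss.bid/alien/fre.php 404",
    "2021-06-23T10:01:10Z 10.0.0.15 POST http://alphastand.trade/alien/fre.php 200",
    "2021-06-23T10:02:30Z 10.0.0.22 GET https://onedrive.live.com/download?cid=ABCDEF0123456789&resid=ABCDEF0123456789%2142 200",
    "2021-06-23T10:03:00Z 10.0.0.31 GET http://example.com/index.html 200",
    "2021-06-23T10:04:15Z 10.0.0.40 POST http://panel.example.net/x/fre.php 200",
]
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def match_line(line, indicators):
    """Return a hit dict for one log line, or None if nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = m.group("url")
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    for ind in indicators:
        if ind["shared_hosting"]:
            if url == ind["url"]:  # exact payload URL on a shared service
                return {"client": m.group("client"), "family": ind["family"],
                        "confidence": "high", "reason": "exact URL " + defang(url)}
        elif host == ind["host"]:  # attacker-controlled host: any contact counts
            return {"client": m.group("client"), "family": ind["family"],
                    "confidence": "high",
                    "reason": f"{ind['kind']} {ind['host'].replace('.', '[.]')}"}
    if m.group("method") == "POST" and parts.path.endswith(LOKIBOT_GATE_SUFFIX):
        return {"client": m.group("client"), "family": "lokibot",
                "confidence": "low", "reason": "POST to LokiBot-style gate path"}
    return None


def scan(lines, indicators=None):
    """Run every log line through the indicators; return hits with 1-based line numbers."""
    indicators = indicators or build_indicators()
    hits = []
    for n, line in enumerate(lines, 1):
        hit = match_line(line, indicators)
        if hit:
            hit["line"] = n
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for ind in build_indicators():
        print(f"{ind['family']:9} {ind['kind']:6} {defang(ind['url'])}")
    for hit in scan(LOG_LINES):
        print(hit)
```

Matching the OneDrive indicator on the full URL is deliberate: the cid/resid pair identifies the attacker's share, while the host is used by every legitimate OneDrive download (line 4 of the sample log stays silent for that reason). The fre.php heuristic is intentionally low confidence and should be triaged, not alerted on by itself.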
Targets
Target: No. ATOMYU14.21.jpg.exe
Size: 185KB
MD5: aa2bd93add61460d059367e41d89195c
SHA1: 9368ee245f899583bdc97ad8e13f4b02b09dbe38
SHA256: 7f347545daf832b84a0cb2d823af46e874cb7c69f436814c58355262e594c4d3
SHA512: 7701741099368b2cd3346bcc25aee27ee4a30036c94719a37b3dba22a86fab87b3b718aff7fa6f7c2375254fa0c99fd6b28f8e484f010e4f5d14057dcca083ff
Checks QEMU agent file
Checks for the presence of the QEMU guest agent, possibly to detect virtualization and abort in a sandbox.
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger class, which stops the thread from delivering debug events to an attached debugger (anti-debugging).
Suspicious use of SetThreadContext
Rewrites the register state of another thread; commonly used to redirect a suspended process into injected code (process hollowing / code injection).