General
Target: gunzipped.exe
Size: 1.1MB
Sample: 210624-387dmffr2s
MD5: 42b6dbac1e076157112bfe9cab5eb637
SHA1: 7579e290775b3ae1596ceae78ec06cd89d025019
SHA256: 02dc856782b81740e20d02be3a51f9a20ef512c29077d6654ee0a6c1fc65c703
SHA512: 280e980f95c27fcb1033d2124e5df241aab83953b17f0486e85d5e8ca691c603c8f53cf23d164c4c6b3d98b30f6ea7966c9117466bb2a56c047392c07b1d8fc0
Static task: static1
Behavioral task: behavioral1
Sample: gunzipped.exe
Resource: win7v20210410
Malware Config
Extracted
lokibot
http://63.141.228.141/32.php/DEuZ9gRuoeHIN
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext