Analysis
max time kernel: 129s
max time network: 181s
platform: windows7_x64
resource: win7v20210410
submitted: 24-06-2021 03:07
Static task: static1
Behavioral task: behavioral1
Sample: 3611d560a21bf2d2f4641a3e3fa76756.exe
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds
General
Target: 3611d560a21bf2d2f4641a3e3fa76756.exe
Size: 358KB
MD5: 3611d560a21bf2d2f4641a3e3fa76756
SHA1: 1ece03720b34dbba699936e1fa1cd3bb719c20ea
SHA256: e4e0857b271733e43190c89d0f20bb647137f68fa7b2b5cc387b0c367ec1427c
SHA512: cfa66e97b3dacc55f2b9055f194ac6d28f920354a4362d7e1045613ae7fb935eb93a90ea505995ff070cb5abdf850021ced547b747494f763499b1e8008adc5c
Malware Config (extracted)
Family: lokibot
C2:
http://manvim.co/fd3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Signatures
Suspicious behavior: RenamesItself (1 IoCs)
Processes (3611d560a21bf2d2f4641a3e3fa76756.exe):
pid 1048, process 3611d560a21bf2d2f4641a3e3fa76756.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes (3611d560a21bf2d2f4641a3e3fa76756.exe):
description Token: SeDebugPrivilege, pid 1048, process 3611d560a21bf2d2f4641a3e3fa76756.exe