General
Target: triage_dropped_file
Size: 566KB
Sample: 210727-k5waskzp2a
MD5: 66da45ed268a07990768ee03d70e4502
SHA1: 3cef4bb7af1179eabd38cd1e1989dc9c41f5c69c
SHA256: b90e3f203d5736096b41b710e1fa0ab10f26025e84e4fcf1e4bc760a0306ed72
SHA512: ffb07451f68ac863c803407d5081f07aec97824cbe15390b4e658e4f455b2635769f53d375d497aa4e493364458b8f85aa6539e45dbaa31aab4cca347e0f0ee9
Static task: static1
Behavioral task: behavioral1
Sample: triage_dropped_file.exe
Resource: win7v20210408
Malware Config
Extracted
lokibot
http://185.227.139.18/dsaicosaicasdi.php/jRbn3g7uWVTsx
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
Suspicious use of SetThreadContext