General
Target: Attached Details.exe
Size: 537KB
Sample: 211202-j55t4sdbdm
MD5: be45f415c556a8772077f9c60ea9cbf8
SHA1: 9bc8f15e06e5d5cb7baa875d7b30685e049cc683
SHA256: edca5671042af86bafb53a556aace35639b5ccabd30efe4d7e4a5baa61040a3d
SHA512: 2e04d7a57fa1d5ce4612cd21fd265aebe70a260b2ec81400ec78bbd86b8b443a9de6f647100c5dfa49279e3d2d42c5c4c2954269a86b6ba7081de3dffaef8925
Static task: static1
Behavioral task: behavioral1
Sample: Attached Details.exe
Resource: win7-en-20211104
Malware Config
Extracted
lokibot
https://noithatcombo.com.vn/.stop/need/work/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Attached Details.exe
Size: 537KB
MD5: be45f415c556a8772077f9c60ea9cbf8
SHA1: 9bc8f15e06e5d5cb7baa875d7b30685e049cc683
SHA256: edca5671042af86bafb53a556aace35639b5ccabd30efe4d7e4a5baa61040a3d
SHA512: 2e04d7a57fa1d5ce4612cd21fd265aebe70a260b2ec81400ec78bbd86b8b443a9de6f647100c5dfa49279e3d2d42c5c4c2954269a86b6ba7081de3dffaef8925
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext