General
Target: 959510b24672d68d5d5b2ee9a060bdb7440b1b094fde76056e639f31eb44214b
Size: 290KB
Sample: 220521-cza9zsega7
MD5: 3637e866d067ad9734c9c67315247df2
SHA1: c1f987c863d5e6aaf8403bc59b6c2333433e9d1e
SHA256: 959510b24672d68d5d5b2ee9a060bdb7440b1b094fde76056e639f31eb44214b
SHA512: eb357f0aecc7eff426dbb598c9f7e87c890c0d01a118b935104a26c415314722341267b3d33cb34ea577fd1dd2c8aabf35a45c83850fbbe6a45fc6b3aa9109bd
Static task: static1
Behavioral task: behavioral1
Sample: AWB 673687387678.exe
Resource: win7-20220414-en
Malware Config
Extracted
lokibot
http://mecharnise.ir/ea2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: AWB 673687387678.exe
Size: 229KB
MD5: 84a67aa32e44af3aa1818aa45cc6fb2c
SHA1: a437b64ab0e807952566ea06833220992b09367b
SHA256: 72f5afab926594158b15b13d03b5df7771e35f096377ff6b052b7017661cd189
SHA512: 305ed05327bab0427c2927b03c2c5a0af0dd60fbdd973078d6ede3f129e12f4055d77d3d4f7b2efe05c33f94e47b73d2cd564e25c97afac7f522adbc7cbbf24f

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Accesses Microsoft Outlook profiles

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext