General
- Target: 0a00b3f54e580bd83e27806dd4b9a5dfa207cdef1b687fcac362766a5b919453
- Size: 318KB
- Sample: 220521-ex6n8ahha4
- MD5: 55b844a17223c250d0b4b67ae22ac5b5
- SHA1: 8d5f2c87ed3aa7d55a4d2d1159c75c291562d6ed
- SHA256: 0a00b3f54e580bd83e27806dd4b9a5dfa207cdef1b687fcac362766a5b919453
- SHA512: 0caf19480bc81ecb69c2655ee1bb82b8a06c3b9e5c6f7c320a35d0e35aaf20ace972d9b3252be77d66fc729f496cd58dde9f64cdabe412fc77ad7cdc0d0bae93
Static task: static1
Behavioral task: behavioral1
- Sample: NEW-ORDER23FG.exe
- Resource: win7-20220414-en
Malware Config
Extracted: lokibot
- http://mecharnise.ir/ea1/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: NEW-ORDER23FG.exe
- Size: 257KB
- MD5: 0c3227b06f7434d5ad34ab48563ba8b0
- SHA1: 8814d1f397ad035f2f899ed4957271912c1bb327
- SHA256: af34abd9ebf843a20d33224397e71493847e1c903082bb39f4c3029da58d5b05
- SHA512: c1a1bb71e3e63f74ef8153f24a03b83c1d3b826054078f12cbfdca698cf5e1559ae1c6fd1612f27f1a4a4c8550e9a4467bfd4e7ef01d0074244c1efa4cfda8c4
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext