General
-
Target
36b62272406ef548125819792b88045abbe14f58a2c439ac2b5aa993278a46c2
-
Size
820KB
-
Sample
230129-zazbvadf51
-
MD5
d8100d0e58094f445dd5b30ed652acac
-
SHA1
42b473c4dd81085ff403e184d62dbef37229cfc7
-
SHA256
36b62272406ef548125819792b88045abbe14f58a2c439ac2b5aa993278a46c2
-
SHA512
b726a9ff9b6cced2c6522c5155bb457ead17d3e8610aae83ef3f0de48ee98664bc421b490e037a7f2ed4f8a3c8f52059f6b3dc584577564cf2a044302b5a0836
-
SSDEEP
12288:GBs4YVakkUOm8EkTPQxvvDh6f1NpQansFQSs0Y723A654wYkPPt:GNm8EaPlTq1Fk03Q6PYw
Static task
static1
Behavioral task
behavioral1
Sample
36b62272406ef548125819792b88045abbe14f58a2c439ac2b5aa993278a46c2.exe
Resource
win7-20220812-en
Malware Config
Extracted
lokibot
http://spunkyiopkslookup.ddns.net/IjfOlJFP/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
36b62272406ef548125819792b88045abbe14f58a2c439ac2b5aa993278a46c2
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-