General
-
Target
26f31b698376af399a1d75715975f88370ff13c53751950649b86fce186f0fb0
-
Size
353KB
-
Sample
230129-zbb8psdf7s
-
MD5
e3f8e033875a82ab63588f8feee23893
-
SHA1
7272f754aeaffb52c1e7ad7b5181761cc085c410
-
SHA256
26f31b698376af399a1d75715975f88370ff13c53751950649b86fce186f0fb0
-
SHA512
ba5eff3610afbbb535c099877ded4bc59c99f0e59ed8c582784b53ab91e6448c1211694ef4581640b4713bf95d829bc799ad91cbe41270ebff379f79f8234fbf
-
SSDEEP
6144:ueVy26SwvpXpLUbvdeIZs56PbwFeA8uIYzaEo4wbgsUER26ZpnPpCw1N:ueVy+wvpXpATdeIZsoPbwFeyrzho4wbD
Static task
static1
Behavioral task
behavioral1
Sample
26f31b698376af399a1d75715975f88370ff13c53751950649b86fce186f0fb0.exe
Resource
win7-20221111-en
Malware Config
Extracted
lokibot
http://cyrpbrotlimeklim.sytes.net/Oildjfirm/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-