General
-
Target
afee66064a1dea25baf891c7a3732f68
-
Size
620KB
-
Sample
240301-bepq7she45
-
MD5
afee66064a1dea25baf891c7a3732f68
-
SHA1
299da7a5c7f6def73b77abe28f0f0d13d74b7622
-
SHA256
dc87d63546767b8395b2f8e774982baf32b0cbae2a1e8bd14bd982f2f68eddfc
-
SHA512
53b5868f66325ae7e708265bc93b19f6ef242193f5f042d1b1e9e73e1dbd2512678e48182dccedf3dd750b54b4dea86c815076f0d720da6ba2db38d005f0019b
-
SSDEEP
6144:8NUZhiUZFJLgGO/WTadbvTMM/gJ9NYhUZcfumxc5jni5mUH+N:8eZhzU9vTMl9GTRc99
Static task
static1
Behavioral task
behavioral1
Sample
afee66064a1dea25baf891c7a3732f68.exe
Resource
win7-20240221-en
Malware Config
Extracted
lokibot
http://185.227.139.5/sxisodifntose.php/S7zr5v1fXI3Rb
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-