General
Target: b266df03c57659792d1ed7f5b6e68507
Size: 595KB
Sample: 240304-r8clqsea55
MD5: b266df03c57659792d1ed7f5b6e68507
SHA1: b3cc97d0cdbac7735cbf05e75105fcc9b1bab26b
SHA256: ef4dc347901bbc4ed2bf4bc21dc8faa2ce9691af0ba20e659ea4464320f24348
SHA512: bfd2f73e5ac40b804659de5dc5a137f44588a3d000bade94896696e51254c846e9a20045fa351074c0e93067cf3881d8bdb1156b5ad31d98dc6fd952ae2a7b72
SSDEEP: 12288:RhRNEnAmVA1Yy0NTJHOUnn1Iv/gVjniap0BQHLpBlH5ne387utOUsR6:BvmVAl0npnn1Gjcd
Static task: static1
Behavioral task: behavioral1
Sample: b266df03c57659792d1ed7f5b6e68507.exe
Resource: win7-20240215-en
Malware Config
Extracted
lokibot
http://185.227.139.5/sxisodifntose.php/7KyDs3toUfmfd
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: b266df03c57659792d1ed7f5b6e68507
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext