General
Target: b35d07e921f82fe88971e425181c0109
Size: 956KB
Sample: 240305-a6mv9ahe7w
MD5: b35d07e921f82fe88971e425181c0109
SHA1: c1d3f707fc203ad873048c660c1cab47e92497f4
SHA256: 231be312e4d1c745711fa80bb917a3310cf3622ac3739d8e5cbcf211e2adf01c
SHA512: 2e084e007a70fb7a36f2ebc108c2a28ed788c33c9906e5436d6cd9db9023343d6a31e19f8d122c265b6cd27dc0518454bfa9cce524d23d83ffcca7bc076c2840
SSDEEP: 12288:1yZi970BZpMXKGeIrqXaIPat9Ak0lHSglXBm3G7uH7fZcNAxffkMsWd:1yZlTa3YtVlxmJ+Ap
Static task: static1
Behavioral task: behavioral1
Sample: b35d07e921f82fe88971e425181c0109.exe
Resource: win7-20240221-en
Malware Config
Extracted family: lokibot
C2 URLs:
http://185.227.139.5/sxisodifntose.php/S7zr5v1fXI3Rb
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: b35d07e921f82fe88971e425181c0109
Size: 956KB
MD5: b35d07e921f82fe88971e425181c0109
SHA1: c1d3f707fc203ad873048c660c1cab47e92497f4
SHA256: 231be312e4d1c745711fa80bb917a3310cf3622ac3739d8e5cbcf211e2adf01c
SHA512: 2e084e007a70fb7a36f2ebc108c2a28ed788c33c9906e5436d6cd9db9023343d6a31e19f8d122c265b6cd27dc0518454bfa9cce524d23d83ffcca7bc076c2840
SSDEEP: 12288:1yZi970BZpMXKGeIrqXaIPat9Ak0lHSglXBm3G7uH7fZcNAxffkMsWd:1yZlTa3YtVlxmJ+Ap
Signatures
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext