General
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://s3.eu-central-1.amazonaws.com/dasmalwerk/downloads/12256ae063a7afb4bffdd880d213a272b4d0b1cbfbdf0b5334cd4a0ad5693844/12256ae063a7afb4bffdd880d213a272b4d0b1cbfbdf0b5334cd4a0ad5693844.zip
Resource
win10-20240221-en
Malware Config
Extracted
lokibot
http://
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
https://s3.eu-central-1.amazonaws.com/dasmalwerk/downloads/12256ae063a7afb4bffdd880d213a272b4d0b1cbfbdf0b5334cd4a0ad5693844/12256ae063a7afb4bffdd880d213a272b4d0b1cbfbdf0b5334cd4a0ad5693844.zip
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger