General
-
Target
PICKING LIST.exe
-
Size
240KB
-
Sample
200630-5sszsjxjd2
-
MD5
4cf22b7498169674c8702bc82ca2c4fe
-
SHA1
60203e9be1c7be54a5725f99d16c50d347e1d759
-
SHA256
be06b8eb9fc296493c0f6838ad4b55993e2076c53383565cbfa03715af7cc2cd
-
SHA512
36bafc5a38dfb42461d5fb3066551214cd6e58661596565b6656f426a2412346437fb1b56172d06b82fc5ab2e1dae38217341040ef970d20fe9a0b692df200b4
Static task
static1
Behavioral task
behavioral1
Sample
PICKING LIST.exe
Resource
win7
Behavioral task
behavioral2
Sample
PICKING LIST.exe
Resource
win10v200430
Malware Config
Extracted
lokibot
http://mecharnise.ir/ea1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext