General
Target
3df3b989eee8bec7d4f9f65e865335e311bd578308cf3b53c0acc5af48bc073e.exe
Size
641KB
Sample
211014-gq8lcagcf5
MD5
5823e499ad88c4329380e4a8221be769
SHA1
23958f5b98c808a2dd8a6dbdbadc9656545fcb00
SHA256
3df3b989eee8bec7d4f9f65e865335e311bd578308cf3b53c0acc5af48bc073e
SHA512
d305c4f5c0507a9bcdd75389d11784e0128a1d6981e964a2879c1d491079aaf11e787a6632559d681d0731d02e7ad6ae8528539d43bcc722ba0da7af42ed2cd9
Static task
static1
Behavioral task
behavioral1
Sample
3df3b989eee8bec7d4f9f65e865335e311bd578308cf3b53c0acc5af48bc073e.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
3df3b989eee8bec7d4f9f65e865335e311bd578308cf3b53c0acc5af48bc073e.exe
Resource
win10v20210408
Malware Config
Extracted
lokibot
http://37.0.10.190/non/z/pin.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
3df3b989eee8bec7d4f9f65e865335e311bd578308cf3b53c0acc5af48bc073e.exe
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext