General
-
Target
64b919d36bd2047074cf6887e88e890871e9421305583a20da902265e31d15e4
-
Size
245KB
-
Sample
211021-1ajf3aagc4
-
MD5
d0d80da52bd01843d38139b1ddf1ca3a
-
SHA1
da78153f04dae889906a621dcb1625035c4a292e
-
SHA256
64b919d36bd2047074cf6887e88e890871e9421305583a20da902265e31d15e4
-
SHA512
d0ab8c7ca8ebe802dbb80da9239c8eef49fa5206807d53981a51b3014a4c0b6932b3903ea80a5b96477341dee47002b8ab01d1f78a511d2d72dd402271941b16
Static task
static1
Behavioral task
behavioral1
Sample
64b919d36bd2047074cf6887e88e890871e9421305583a20da902265e31d15e4.exe
Resource
win10-en-20211014
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=955547
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
64b919d36bd2047074cf6887e88e890871e9421305583a20da902265e31d15e4
-
Score
10/10
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-