General
Target: 0a5d7fa47a64d4ecbd90906723fa614dd8483d04d314f340bf50b7bdb64ecd27
Size: 316KB
Sample: 211021-1ax98abfhp
MD5: 95dbac1d5762155f81369b309e48d13f
SHA1: 276282d9d308ed63f26133864f1769975a66a28e
SHA256: 0a5d7fa47a64d4ecbd90906723fa614dd8483d04d314f340bf50b7bdb64ecd27
SHA512: fa39e32a4d629c601ac16b4245663e8c4ca4a043eb7f02f4fb2aaf5cc0b4ae09de3309f1c3ef1fb8081c4a5f772d29b70db2116e32f248ae404f30dae4afe146
Static task: static1
Behavioral task: behavioral1
Sample: 0a5d7fa47a64d4ecbd90906723fa614dd8483d04d314f340bf50b7bdb64ecd27.exe
Resource: win10-en-20210920
Malware Config
Extracted
lokibot
http://checkvim.com/fd7/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 0a5d7fa47a64d4ecbd90906723fa614dd8483d04d314f340bf50b7bdb64ecd27
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext