General
-
Target
TT Copy Of Payment.ARJ
-
Size
419KB
-
Sample
211201-t9yayahah5
-
MD5
52ad61c6e8e42494fd0ef5a44aa9a6b9
-
SHA1
51b8b494784db200a125cc76bddc974c1a8547ef
-
SHA256
e36584177d24d335044de0be000a349b79932d3c9b25c7940956c0baf825c9cb
-
SHA512
10b104770ea1d57d4a11f0919fca08246eb3c9ef196e647cf62a535d3cb4557be4bea39f89942f40c65b55305d4a4ca0e691210add9692b0cc2c6b79f66ad758
Static task
static1
Behavioral task
behavioral1
Sample
H069685744768944.SCR
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
H069685744768944.SCR
Resource
win10-en-20211104
Malware Config
Extracted
lokibot
http://obilok.xyz/dx/77.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
H069685744768944.SCR
-
Size
459KB
-
MD5
358c6110d2177b53e7e3777c73a609bd
-
SHA1
03e4a5a30e3209ce44e65b0ad75de8a640a2aba9
-
SHA256
adae194bf36b9519149adc7c2a3fd19fef3fddb209c81107f19e04a001e4237b
-
SHA512
e18c39e3940d3fcbf4f19ab84503a6afc976ea3592decbf1d076c5ab844a6bcb1a84d119850991ee37208b0d5006d4a3d313e51493f9c717689b3cd08078839b
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-