General
Target: 90888234001.exe
Size: 304KB
Sample: 211201-vwfdmshdf6
MD5: c5c2e5971f4f19df20127be16eb48072
SHA1: 585ffaa0d05ba2df63e2fa8da479bafc72019c04
SHA256: f3029b1449900977d1bb8fd5242683e8d5780549572b86cb5b843a986df4fa0f
SHA512: ee9ed7fc0f8341063e71dc276b1f0d72819986d949068d8663096396e85a3670e055d52945f199e1decb883652d5afb54d619c00029d343e52381d9aef71395f
Static task: static1
Behavioral task: behavioral1
Sample: 90888234001.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: 90888234001.exe
Resource: win10-en-20211014
Malware Config
Extracted
lokibot
http://63.250.34.171/tickets.php?id=539
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 90888234001.exe
Score: 10/10
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext