General
-
Target
4584329169764352.zip
-
Size
365KB
-
Sample
211201-z763ysbbh2
-
MD5
bcab9ad739cf8866920b08e32e2b40bf
-
SHA1
291f637de0e4db355743b633a1768966e1af171a
-
SHA256
75261eb69798fe5d2ea735231fad128165f153bc3f9649f6b38047a85426c53d
-
SHA512
064afea747c8db43bd05b15d6acfabce795b7463cca2959a05b91206bcb8cea93d9d94dd182be628f63a5277fe9c76f5590c5238f99eaa61c17d0b5eccbf8264
Static task
static1
Behavioral task
behavioral1
Sample
9ff45b3452987fc5734b08ae8a38553a2932b6a6f9c8c18e309ad8415b6a29a8.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
9ff45b3452987fc5734b08ae8a38553a2932b6a6f9c8c18e309ad8415b6a29a8.exe
Resource
win10-en-20211104
Malware Config
Extracted
lokibot
http://secure01-redirect.net/gb5/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
9ff45b3452987fc5734b08ae8a38553a2932b6a6f9c8c18e309ad8415b6a29a8
-
Size
432KB
-
MD5
523eb8fe16b36d0747ab9b524fbe963d
-
SHA1
15542e8e1a4be67b6a2d3425cc99da3d303dcfcd
-
SHA256
9ff45b3452987fc5734b08ae8a38553a2932b6a6f9c8c18e309ad8415b6a29a8
-
SHA512
dbf5699694775306d443a645c64200713a7bb0cfdec7ca7d7a36e6d5b73aa6c02f143256a8bdad67d06ec9f48b53e1ca93140d970510fdee6cbb3604bbda2128
Score 10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-