General
-
Target
94ce17c9c372fa3b45d1a0791b4eae3b851938c019acb583d5d72d33a68303eb.exe
-
Size
317KB
-
Sample
211203-n7t8lsbdg2
-
MD5
077755c67dcc6a0dbeb780ccedf28d18
-
SHA1
a89a9c455055cbf44eca9f505cb74fd4c4e10a50
-
SHA256
94ce17c9c372fa3b45d1a0791b4eae3b851938c019acb583d5d72d33a68303eb
-
SHA512
48c9760472cce14b3018904a1dc8be215bb6a647c83e76b9eab28b758843268921954d186c649dfc0175d3e9f8da69018a141ce634b9b0015e0f643956c29a0f
Static task
static1
Behavioral task
behavioral1
Sample
94ce17c9c372fa3b45d1a0791b4eae3b851938c019acb583d5d72d33a68303eb.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
94ce17c9c372fa3b45d1a0791b4eae3b851938c019acb583d5d72d33a68303eb.exe
Resource
win10-en-20211014
Malware Config
Extracted
lokibot
http://pticallogz.xyz/oluwa/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
94ce17c9c372fa3b45d1a0791b4eae3b851938c019acb583d5d72d33a68303eb.exe
-
Score
10/10
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-