General
Target
atthRvEIg0jnC3J.exe
Size
1.2MB
Sample
211206-en6b4agba6
MD5
9782afd18ba790514f4d7f6e62043497
SHA1
7e3112d9c56ebe1736a3c454b34477e9582d2eb2
SHA256
e6da9d2433087eefae84669c79e53da728dc0bfaae8375f04f869661e8e629d7
SHA512
5207e7e48693ac5f74291980e3221f73d93dff93293b1c0d7a68a7c5821ef87f8ed4dc17f7ba4e554d61f80788347c9f2236b743c0b2684f53bbc34ec1bb9d8a
Static task
static1
Behavioral task
behavioral1
Sample
atthRvEIg0jnC3J.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
atthRvEIg0jnC3J.exe
Resource
win10-en-20211104
Malware Config
Extracted
lokibot
http://63.250.34.171/tickets.php?id=505
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
atthRvEIg0jnC3J.exe
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext