General
Target: cf7095f7f790691075cc0fa8416b421e.exe
Size: 309KB
Sample: 211206-hts6hagce6
MD5: cf7095f7f790691075cc0fa8416b421e
SHA1: 9171714663e69ade80b438f65e4b4d5ce36276d7
SHA256: 105c6a65575df97241ddc6b81c72fe929007105cffe748163ce80cdcad8c8283
SHA512: f2625103d722291b8f0b7ac40e6246ce4591c902e6184126e4c7b5ca43214fab95ddb6084efa9991a43e635c38602a7d3d251cb6eb4b6d6caa288ee93c95b5d3
Static task: static1
Behavioral task: behavioral1
Sample: cf7095f7f790691075cc0fa8416b421e.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: cf7095f7f790691075cc0fa8416b421e.exe
Resource: win10-en-20211104
Malware Config
Extracted
lokibot
http://hdmibonquet.ir/oluwa/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: cf7095f7f790691075cc0fa8416b421e.exe
Score: 10/10
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext