General
Target
RHY009878999.BAT.exe
Size
1.2MB
Sample
211206-hts6hagce7
MD5
cb2441099d6f5e62e912dafe7d4159c0
SHA1
7b1874dd66b87c86126176078b5bc2ca29c6be0f
SHA256
b14df7e61bbbe9158b2851136d18c942b22629df86ccf9d25a0522da43eee9a2
SHA512
b4a20ea93db156655e9bb23d711b0ca54c22f6145cc48eb4ebd9706084bab2127447a665a0fb4ddb0d24a9b3e76e2252f3accfcf7febd9330ea289250f0f8055
Static task
static1
Behavioral task
behavioral1
Sample
RHY009878999.BAT.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
RHY009878999.BAT.exe
Resource
win10-en-20211104
Malware Config
Extracted
lokibot
http://lokich.xyz/icecobe/so/lxx.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext