General
Target: 86cabcae1b3d5779f400b12864dfb386e8ac6beb3982f8d4c5e79dcbd79b9306.exe
Size: 402KB
Sample: 211206-papgjagha3
MD5: 9686187fd7e4a6d9e3dba1f569c79832
SHA1: 21a5d5828090e9c7e3c351a2703e893cb89790a5
SHA256: 86cabcae1b3d5779f400b12864dfb386e8ac6beb3982f8d4c5e79dcbd79b9306
SHA512: bfbb4409b0476ac6cfd0577c00d809a127eb45cc7657a3678da21a3782060723fc32e8cbc04e085ba48ba2f08ab240dcb624e236b0e0c0da1b399cbb14101852
Static task: static1
Behavioral task: behavioral1
Sample: 86cabcae1b3d5779f400b12864dfb386e8ac6beb3982f8d4c5e79dcbd79b9306.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: 86cabcae1b3d5779f400b12864dfb386e8ac6beb3982f8d4c5e79dcbd79b9306.exe
Resource: win10-en-20211014
Malware Config
Extracted
lokibot
http://secure01-redirect.net/fd3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 86cabcae1b3d5779f400b12864dfb386e8ac6beb3982f8d4c5e79dcbd79b9306.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext