General
Target
4416b3d0dd3d1d8566cfb279b45c4f1ec653de8f5a133f9e85e755693eb88d8b
Size
349KB
Sample
211207-apehjsade6
MD5
3f22a041fe7e94d7147c2a328a09129b
SHA1
68ddeba66cc412548445a9b1ce693ebd0f6ca936
SHA256
4416b3d0dd3d1d8566cfb279b45c4f1ec653de8f5a133f9e85e755693eb88d8b
SHA512
6b1c5181e01d5d6a377214d48b146b9565428489c89716b2e905a9588af599f66302c858fa03fdaf33ccfcb58c18f9c40c402470097c657846ea61f06a25f963
Static task
static1
Behavioral task
behavioral1
Sample
4416b3d0dd3d1d8566cfb279b45c4f1ec653de8f5a133f9e85e755693eb88d8b.exe
Resource
win10-en-20211104
Malware Config
Extracted
lokibot
http://secure01-redirect.net/fx/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score
10/10
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext