General
Target: 0caa902c368a65916d2fadd10fa10e4d924af64f4e3c17732ceb7142f2b4ec7b.exe
Size: 473KB
Sample: 211207-gssb5sahg9
MD5: 1924a979e99c5ebcd367544b9c45423a
SHA1: 058cb4a49c5f45f2243fd04e2998beb83a198305
SHA256: 0caa902c368a65916d2fadd10fa10e4d924af64f4e3c17732ceb7142f2b4ec7b
SHA512: 0a40a932b8777d7ac423c98c3400f23b783e955952c3fffaffa8b7a0cb8fbaf9a9f6f943dfec75e9df60a07a883c58dc3f6e8745b8678660097b68b9a1a34bc1
Static task: static1
Behavioral task: behavioral1
Sample: 0caa902c368a65916d2fadd10fa10e4d924af64f4e3c17732ceb7142f2b4ec7b.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 0caa902c368a65916d2fadd10fa10e4d924af64f4e3c17732ceb7142f2b4ec7b.exe
Resource: win10-en-20211104
Malware Config
Extracted
lokibot
http://secure01-redirect.net/gb17/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 0caa902c368a65916d2fadd10fa10e4d924af64f4e3c17732ceb7142f2b4ec7b.exe
Score: 10/10
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext