General
-
Target
DE00012599.BAT.exe
-
Size
864KB
-
Sample
211207-gx7bvsbaa3
-
MD5
e109af7d9f5ec4c75acebe6e54a94ce2
-
SHA1
085581a597d15da1a36b74d4169e924e90471754
-
SHA256
5a34fe215cbc5f45a4f9faab0b57dcac5ce695d1d298f8899e22baf363d39dc6
-
SHA512
da2edd8ffe69c6fb6145006c2c5b4da5bd5af7a4e96b3c45a641d50503812651a221071431ac030203d5959274236cb8855793d52655108913764f3aad4ddf48
Static task
static1
Behavioral task
behavioral1
Sample
DE00012599.BAT.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
DE00012599.BAT.exe
Resource
win10-en-20211014
Malware Config
Extracted
lokibot
http://aboasu.xyz/zx/uus/kiss.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
DE00012599.BAT.exe
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-