General
Target: Xerox_07122021001.cab
Size: 338KB
Sample: 211207-n869kahagj
MD5: de1ce0d31e5c0f703ba21b9f32ae8b34
SHA1: 366a70f8c32893ed06b93afd1f226ee3cac1d343
SHA256: a32c6199248e24889f6e4a50c1eb512401090850d491726af56dee3218520a88
SHA512: 9932baf347533e09114891050d084757ce1249238b9d62a24c455d7bdc401e96147c43f1a0f86b4be9711f534c10dfd8b589ffbd53469f59df2f8153ac1ad356
Static task: static1
Behavioral task: behavioral1
  Sample: Xerox_07122021001.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Xerox_07122021001.exe
  Resource: win10-en-20211104
Malware Config
Extracted
lokibot
http://63.250.34.171/tickets.php?id=538
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Xerox_07122021001.exe
Size: 350KB
MD5: 10425bc4b5cdcb5ab21971fefce600fd
SHA1: d0c3ac2af5888101f3eaca2a77b461c98d02033f
SHA256: b8cd18156e15e6dd1eae62d6472152d015309799c98a8ac1fa4a2e7ab81eb49e
SHA512: 45b0ee53f74449a274b964927152e06d1e58eb1cbd1fad82fec72da605e9ed5d9f310af611cafc4dafc30d1125453949caab4de9fa0912be597f9f74175f5574
Score: 10/10
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext