General
Target
1da487dcf49ac5e7f76e0cf453f80975a35c74689d39135f7758440054035772
Size
352KB
Sample
211207-pk4dfabhh3
MD5
27c36cc1931a34f0dc19ca898eb196ba
SHA1
e8fe8c597f910e85e2bee4f84c2b6488db728e52
SHA256
1da487dcf49ac5e7f76e0cf453f80975a35c74689d39135f7758440054035772
SHA512
3777ac14d51e9c814f5de5ddde1875c207475f440e2aa11a40cc0f83c653639ed09440a7599e1e8b7295a459bd9dc20854b39b1565f34b08bd63fdb6ad3d778b
Static task
static1
Behavioral task
behavioral1
Sample
1da487dcf49ac5e7f76e0cf453f80975a35c74689d39135f7758440054035772.exe
Resource
win10-en-20211104
Malware Config
Extracted
lokibot
http://hdmibonquet.ir/oluwa/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
1da487dcf49ac5e7f76e0cf453f80975a35c74689d39135f7758440054035772
Score
10/10
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext