General
Target: 7cf77d3b4c3585318c522bc950d7d7236614121ce125e33cd6b7a3602d9cb7b3
Size: 1.2MB
Sample: 220121-3mg5wadbh6
MD5: 64d09508c2399e759043ecb4f721a2c1
SHA1: 4cc5c2ea24c4e730ce60aba99e7532e3e8ac68c2
SHA256: 7cf77d3b4c3585318c522bc950d7d7236614121ce125e33cd6b7a3602d9cb7b3
SHA512: 7e2d89da062a77af2a1b2c7fe7a8585988e6b1fc44ee1a3a7882be687c22e51c5a4b67a121de1ada6b25ff4ef772a5a8981f4e99283c327d876079a773e6a7aa
Static task: static1
Behavioral task: behavioral1
Sample: PO_068_2.exe
Resource: win7-en-20211208
Malware Config
Extracted
lokibot
http://nl5329.ir/nrc1/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: PO_068_2.EXE
Size: 277KB
MD5: 70b33a850d27cfe19ec6598e19adcff5
SHA1: 3c9e9c38583991b31d24003cdf7e87ebb6301034
SHA256: 25b408ddee9e9b046cf94203cec4f56dd30734ccd3355c279b1142af087d149c
SHA512: 42d2b1e23fa2bf285300090099287d7ab0ba977d25ac0ff67d6f4fc731524402b8409f9ac6cdf877fac3cd9d37bdcbecc74ba69e0cb375441cadebdaf09b53fa
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext