General
-
Target
6777083c576a129eb42e3ac80138ac4b8852c720c6d05767da257f87e063d7cb
-
Size
1013KB
-
Sample
220415-cj1jyabhc6
-
MD5
545559c861c015305849e49589c4b79a
-
SHA1
12a2138b370a95e96a4a6890154ce2c72744e13f
-
SHA256
6777083c576a129eb42e3ac80138ac4b8852c720c6d05767da257f87e063d7cb
-
SHA512
229ff2367c07146c4ce131c8709bf40857775a27687af8becd66744b3a0d97dfc94d159c621268c316829d486d204bb11363900154d8462306767ed8c551be3e
Static task
static1
Behavioral task
behavioral1
Sample
6777083c576a129eb42e3ac80138ac4b8852c720c6d05767da257f87e063d7cb.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
6777083c576a129eb42e3ac80138ac4b8852c720c6d05767da257f87e063d7cb.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
lokibot
http://tranpip.com/tp/cat.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
6777083c576a129eb42e3ac80138ac4b8852c720c6d05767da257f87e063d7cb
-
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-