General
Target: e1e62fbf8a6bdeaf99eec0c4acc750dd5cbd0638731261fbbe8b149975ddc982.exe
Size: 123KB
Sample: 220514-q5kx9scdaq
MD5: e1463b97ee667e41750ae4531146df03
SHA1: 2b45b7992c30e83bd067c694a5895149fa10cedc
SHA256: e1e62fbf8a6bdeaf99eec0c4acc750dd5cbd0638731261fbbe8b149975ddc982
SHA512: b91034e21f7fa6a6b12883ef080f27173eb0524b1c160da4ad33abcd09ac0a9fdc8fa9817321c8823a89655afc40030dbb381eeaef410e34fd9c05ce4473243b
Static task: static1
Behavioral task: behavioral1
Sample: e1e62fbf8a6bdeaf99eec0c4acc750dd5cbd0638731261fbbe8b149975ddc982.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: e1e62fbf8a6bdeaf99eec0c4acc750dd5cbd0638731261fbbe8b149975ddc982.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://aboyox.xyz/aboy/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: e1e62fbf8a6bdeaf99eec0c4acc750dd5cbd0638731261fbbe8b149975ddc982.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext