General
Target: 36ee7210598b9e9ceb184fc6bc29662a14f4e66e6f2f5139e677cf0147aed3de
Size: 476KB
Sample: 220521-m5awhsgbdp
MD5: 97cd34562c25017ac5170de660ecbfe0
SHA1: aa5ee10c7b34ff015d6e598e247eb1232cd16409
SHA256: 36ee7210598b9e9ceb184fc6bc29662a14f4e66e6f2f5139e677cf0147aed3de
SHA512: 0dc9ec1c5efdbcb085c5af671407f9adbd23c11e32c44b1015157a0591e2f00b5dc49d8fbee4ff9d8a2fdf4114a75348011565cb85919ae66c1dcc9412712616
Static task: static1
Behavioral task: behavioral1
Sample: LOKI.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: LOKI.exe
Size: 873KB
MD5: 030cb125ba97deb600d8a1137087754b
SHA1: e7a01f6c3b05d4b54f818f32aa043994105ee20e
SHA256: 80b9257f924aef8ac5a1a724234ddcd6b67bee79819202bb7b5d4586b35164c7
SHA512: 9efdf3dcf2051105c579aee44270bff95ed6808c101e831e2257cea669692d29fc1abd988e2221c0a00cacd1d24a7b4c2a84a372eb5b7608d2edf68db9ff9684

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext