General
-
Target
f5c312f22d032b0ca6dba954815dd917765784c0a0c15569e96d4876bfd66e52
-
Size
148KB
-
Sample
220521-xl2j8sfcgp
-
MD5
2c7e1d3c7f901b9ee4a4eb47db8cf32a
-
SHA1
86ec7cfe51e1cffa1d22a67de8e5b1439d48dcb5
-
SHA256
f5c312f22d032b0ca6dba954815dd917765784c0a0c15569e96d4876bfd66e52
-
SHA512
5da7a9cd4359bdb9108b5646d53044d0e22a2f2dc9ce53cb4981c88e78e9df0caa7eb8f435193485191fc1380f6ee4ecce3148aa007da23d8f6d096108aed22c
Static task
static1
Behavioral task
behavioral1
Sample
UySfcAwQvKRAxLa.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
UySfcAwQvKRAxLa.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
Targets
-
Target
UySfcAwQvKRAxLa.exe
-
Size
198KB
-
MD5
98661e5984ad7409b1652fa45267dc9c
-
SHA1
2369d074a8f5045166cfbf7e20ddcde5647df1e0
-
SHA256
f94e8615fb3b739ab3ad8ec81511b5439a72d4e865a5f9975aa524ac6036d3c2
-
SHA512
5875e0da29f6f5ab4ed7c6f6dfca1979c41413b97937227b8087d9503cbf19b0183a912a85b9995148d5968850527a7f5ba1e09dfdc09f965c97cc5e8c2b8eb0
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-