General
Target
a65c0bef2fc2326789b7118f65bdf2ce938810d3fc04b27006ab18e468d0c2ac
Size
113KB
Sample
220521-xl6tyscaf3
MD5
20e47d64083aa4f4914b8b5df0a48326
SHA1
6b44d16b01f0c5370127dd31e44d01ab201dbc8b
SHA256
a65c0bef2fc2326789b7118f65bdf2ce938810d3fc04b27006ab18e468d0c2ac
SHA512
4c9c8fdfc5167d472967def75fe690b12afea71eee01903eb7afd7f0941ca48c554af9185024e84819938230f04bf37494f4dfdceb9b9e627cba568005010681
Static task
static1
Behavioral task
behavioral1
Sample
CCI20200807_00004.scr
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
CCI20200807_00004.scr
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://profortune-tw.com/layloks/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
CCI20200807_00004.scr
Size
150KB
MD5
901cd343dc8eb6958c2de9465e60810f
SHA1
7470ea70de9c5f2b566e87d9c07dbe80dffbd108
SHA256
ceb203bdb13f1834d27769c8da01e52b769ef57c9c3016581bec5865fc02faa8
SHA512
8954a74367a49de011bfc22d6e01155319a51b4ccf397bf933307f6c16e1d6462935f6c423c513cc50f5bcddd19aaf0e49d977d7cdc1caf047246302d103d79b
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext