General
-
Target
584d3414d01e2b9fbf3bdc4d906a6cef988d9f71df3e2593a94f7e2beec62295.exe
-
Size
176KB
-
Sample
220521-yhw11schh7
-
MD5
6ef5c37e992049ae450a3c1800066b5e
-
SHA1
8cb063809f60e5e4e2f06189200a512a9bf0d4bc
-
SHA256
584d3414d01e2b9fbf3bdc4d906a6cef988d9f71df3e2593a94f7e2beec62295
-
SHA512
8b978f7ae7318f63e23ac4028cc4abb7fec63f1098689fb43694038ce7de5dd55aab67238a4fe703b77a24aa9f8a5ecf7be97aa78f417c31c9b50ab5d24da23e
Static task
static1
Behavioral task
behavioral1
Sample
584d3414d01e2b9fbf3bdc4d906a6cef988d9f71df3e2593a94f7e2beec62295.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
584d3414d01e2b9fbf3bdc4d906a6cef988d9f71df3e2593a94f7e2beec62295.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://arabdocx.buzz/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
584d3414d01e2b9fbf3bdc4d906a6cef988d9f71df3e2593a94f7e2beec62295.exe
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-