General
Target
053a45c631f5183afd88064d0642f1e4930febcb0ab2cbcd42f8001b5b3d3071
Size
319KB
Sample
220527-w8cnyscdak
MD5
2983999b156908bc7dd228f464219c88
SHA1
29ea1b5a5435b1b59e9169cd5ff658a876a36365
SHA256
053a45c631f5183afd88064d0642f1e4930febcb0ab2cbcd42f8001b5b3d3071
SHA512
1fea27d66b57f24602ce8fcaf03c10fd2dcc56e071f0ad90b18801762eb4919ffb8a96550a19db01e65adb3edd969f79f411e66691f8863d182a72b6c313920c
Static task
static1
Behavioral task
behavioral1
Sample
pass.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
pass.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
https://photonewsiq.com/bu/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
pass.exe
Size
612KB
MD5
d6019153d5b7e6b85bc608621529ed10
SHA1
53b72f8150d31f8206cb0a32fbc3939346ffdb17
SHA256
97c18a16b640056b8baa52a6166530e578d675141dcbb5f025e566ee682a0082
SHA512
97cda9f493c8da8858f02b5fdf6325e41f99d013c0a2d44a33468768b563cb9f654d2a1afe4ee077b41245fc59576e7e19457bbd5f6d848f244fe067a3cbaff6
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext