General
Target: 051ecadcc9532f099b39901e7a7621ce04da61ee2e9c78dd1f11314c7b2e29b3
Size: 247KB
Sample: 220527-xkq24sghe6
MD5: 901d5e84791d20bb7ee866c5bbd24828
SHA1: 96641757393eef521048c79f07deeb034e5b6791
SHA256: 051ecadcc9532f099b39901e7a7621ce04da61ee2e9c78dd1f11314c7b2e29b3
SHA512: 53abe2c4001457f33fbda2f054a11d8e532f4e9b65ce48914d22396a0ad75df83eb0866295ccb8101d15b2c04ed2faf309933e9565a136e2d72fe761cbe0080b
Static task: static1
Behavioral task: behavioral1
Sample: 051ecadcc9532f099b39901e7a7621ce04da61ee2e9c78dd1f11314c7b2e29b3.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 051ecadcc9532f099b39901e7a7621ce04da61ee2e9c78dd1f11314c7b2e29b3.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://dukhdardhis.com/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score: 10/10
Executes dropped EXE
Drops startup file
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext