General
Target
1de4ca0651db70c12f423b11d83eaf5f943175fbd5ec0c35ca9d70e275b8528c
Size
906KB
Sample
220612-22nqjaehe5
MD5
8dd3c9452e664f3b32aeb8c5a9234f0d
SHA1
6249c2745ece178126f93c24312d67e79d9a07ab
SHA256
1de4ca0651db70c12f423b11d83eaf5f943175fbd5ec0c35ca9d70e275b8528c
SHA512
004e39dcb180a20a1c5a95201c3b95236908ac480aea4cc76bdf1a38cf920096f15546290c29566c78571a08290d36dbeb811b8ce302e550f10bd810588169f6
Static task
static1
Behavioral task
behavioral1
Sample
1de4ca0651db70c12f423b11d83eaf5f943175fbd5ec0c35ca9d70e275b8528c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1de4ca0651db70c12f423b11d83eaf5f943175fbd5ec0c35ca9d70e275b8528c.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://kkeyvenus.ru/buch-x11/fred.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
1de4ca0651db70c12f423b11d83eaf5f943175fbd5ec0c35ca9d70e275b8528c
Score
10/10
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext