General
Target: 262abebc2c10c06dd4f53fde2675141e9fbf276472856c4bd848a2adcf5a9745
Size: 177KB
Sample: 220616-ld5fdafbg5
MD5: 3275abbde232304fd67faadb62021fa7
SHA1: 405040bad15a4bd729e529c3b4e2a7ec1fc5c3fe
SHA256: 262abebc2c10c06dd4f53fde2675141e9fbf276472856c4bd848a2adcf5a9745
SHA512: 731e4421e976c99bf1911936cfcee7d761ecbc5bdb02aadaa445bef4f2a9a86d890443025638a9736f77591848a34c38023aa8fc4209abf34c9dfe4a75c01595
Static task: static1
Behavioral task: behavioral1
Sample: 262abebc2c10c06dd4f53fde2675141e9fbf276472856c4bd848a2adcf5a9745.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 262abebc2c10c06dd4f53fde2675141e9fbf276472856c4bd848a2adcf5a9745.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://cablesayget.com/tumko/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Executes dropped EXE
Drops startup file
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext