General
-
Target
3e5d069f7e0b5c6d057eb69e03da0b706b653ee934cc5a8d8958f40f190cd43d
-
Size
952KB
-
Sample
220701-jhv2dsacfn
-
MD5
ae68b9dffe84e8366dc9a9e666e9b5a4
-
SHA1
ae1a62a71c972267212357a00747d36dd4da260d
-
SHA256
3e5d069f7e0b5c6d057eb69e03da0b706b653ee934cc5a8d8958f40f190cd43d
-
SHA512
b27fe4bf1e882a1e6f5bbe7e7eb1e8227f4de1a41959a7f29da766a3853f327c4213022d7052f32ff0b577856efd066abf6ce6042d612b1cf78276db8f9d8555
Static task
static1
Behavioral task
behavioral1
Sample
3e5d069f7e0b5c6d057eb69e03da0b706b653ee934cc5a8d8958f40f190cd43d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3e5d069f7e0b5c6d057eb69e03da0b706b653ee934cc5a8d8958f40f190cd43d.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://www.macniica.com/bazziniltd/amadi/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
3e5d069f7e0b5c6d057eb69e03da0b706b653ee934cc5a8d8958f40f190cd43d
-
Size
952KB
-
MD5
ae68b9dffe84e8366dc9a9e666e9b5a4
-
SHA1
ae1a62a71c972267212357a00747d36dd4da260d
-
SHA256
3e5d069f7e0b5c6d057eb69e03da0b706b653ee934cc5a8d8958f40f190cd43d
-
SHA512
b27fe4bf1e882a1e6f5bbe7e7eb1e8227f4de1a41959a7f29da766a3853f327c4213022d7052f32ff0b577856efd066abf6ce6042d612b1cf78276db8f9d8555
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-