General
Target
990386ad9c9b452687989d7c987e05fbbad623e6c847de809d5d115c455b4252
Size
540KB
Sample
220701-r9knqshabk
MD5
a685fa1757f59d7aaf82f4acfbab7186
SHA1
c773411f96ec92574b294df4e09a9a412890f40c
SHA256
990386ad9c9b452687989d7c987e05fbbad623e6c847de809d5d115c455b4252
SHA512
0423ac49e20e07f12f039ab443858d670b5a56fba9b031f2adb2f6e940b1f89f100664da3979932fb243f31b7ecdf72e3956af18cdade694cf22fdeae34c10e5
Static task
static1
Behavioral task
behavioral1
Sample
MG.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
MG.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://107.175.150.73/~giftioz/.rojonm/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
MG.exe
Size
1.1MB
MD5
60e128faa25f86f6ac56eff424ec3c90
SHA1
7ee56d264429a903cff43b77f4efc3065552c408
SHA256
70cb325da7e54f302dd59c22effc1cb651f270c72b1323fda2331c6acf07dca8
SHA512
c4f8de75c4caac078f67ac48dc5741fcb189f312876de3d6b36810026e10a2b0f2ee9216fe292bbb6a38f9bb5838dd72ebaf4c968024a72810f37d7d745fac21
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext