General
-
Target
3da5c9324011cdc8d828489e3f0654ddbb2445f1476e44498d3c04c3c9dddbcf
-
Size
294KB
-
Sample
220701-skstgshehn
-
MD5
2d88fec194225a419b391ebbb2472ba3
-
SHA1
1960e97f45caa7aa0702f059b9215f531ba58020
-
SHA256
3da5c9324011cdc8d828489e3f0654ddbb2445f1476e44498d3c04c3c9dddbcf
-
SHA512
d72807942d682743ca4690db0d609a3ade2170ee2b9f3e6b0816e21668b5e37825382d92e81264753673a12b6ad22a4641052666504a571b52a6f1c5ac6e285d
Static task
static1
Behavioral task
behavioral1
Sample
3da5c9324011cdc8d828489e3f0654ddbb2445f1476e44498d3c04c3c9dddbcf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3da5c9324011cdc8d828489e3f0654ddbb2445f1476e44498d3c04c3c9dddbcf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://89.46.222.42/wealth/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
3da5c9324011cdc8d828489e3f0654ddbb2445f1476e44498d3c04c3c9dddbcf
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-