General
Target
050.exe
Size
262KB
Sample
220702-s154rahha2
MD5
4782e397d603e4c0096a98ad06490b50
SHA1
63bba5b7758b1358764656e9fb83ad27e1045dbb
SHA256
a4ccb6c0f50e66c590d27ef2c666bca9041ea88f7daef184b631ebcf0abab094
SHA512
784f2023ecada58ce62f4f6b745dc9c69c7fc3cc5eff33ebd05bc73d41c29c13986d9ee9de843eb3a93dc3ed99495d1a59f6b55a6f2488ce20db32372e136979
Static task
static1
Behavioral task
behavioral1
Sample
050.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://becharnise.ir/fb19/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
050.exe
Score
10/10
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext