General
-
Target
4668a640020669c02ebdf0da979b348f4ecb62968b949aa09fc474fcad8489e7
-
Size
271KB
-
Sample
220707-ks48gshgcq
-
MD5
ab426b32e4e1567db6ecb7d48bdcd64d
-
SHA1
3b376b9b45a721a4f468a3eeb7c3e90600ab29db
-
SHA256
4668a640020669c02ebdf0da979b348f4ecb62968b949aa09fc474fcad8489e7
-
SHA512
5e98810bee6334798a30ab1091aa5eaa517185de322c739453e0ef6b77a662e2f775582637d48314c395e55b99ee39b0f3441fbca35156ca55d3bd20c23f6178
Static task
static1
Behavioral task
behavioral1
Sample
4668a640020669c02ebdf0da979b348f4ecb62968b949aa09fc474fcad8489e7.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4668a640020669c02ebdf0da979b348f4ecb62968b949aa09fc474fcad8489e7.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://omann.ir/awhy/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
4668a640020669c02ebdf0da979b348f4ecb62968b949aa09fc474fcad8489e7
-
Size
271KB
-
MD5
ab426b32e4e1567db6ecb7d48bdcd64d
-
SHA1
3b376b9b45a721a4f468a3eeb7c3e90600ab29db
-
SHA256
4668a640020669c02ebdf0da979b348f4ecb62968b949aa09fc474fcad8489e7
-
SHA512
5e98810bee6334798a30ab1091aa5eaa517185de322c739453e0ef6b77a662e2f775582637d48314c395e55b99ee39b0f3441fbca35156ca55d3bd20c23f6178
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-