General
-
Target
c564c0450bd7792b93ffa8e9e238f710e2b5ce46c21de499f83ca764477fdab6
-
Size
580KB
-
Sample
220725-c2h3lsbchr
-
MD5
4d6a0789205bf65317eb37a2676ca96f
-
SHA1
c4226234299a9b1a5a6d6c0f2aa015d0e14e724b
-
SHA256
c564c0450bd7792b93ffa8e9e238f710e2b5ce46c21de499f83ca764477fdab6
-
SHA512
5cbe84f43860b64a3a2a97c7845bd5d2916a2bf48d5cb6482f55fb62844ed29e01801e4650aa198a6e615fd1195d08eecada2a44767da36111fe91b86cc755cb
Static task
static1
Behavioral task
behavioral1
Sample
c564c0450bd7792b93ffa8e9e238f710e2b5ce46c21de499f83ca764477fdab6.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
c564c0450bd7792b93ffa8e9e238f710e2b5ce46c21de499f83ca764477fdab6.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
lokibot
http://fiftint.com/vag-2/pin.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
c564c0450bd7792b93ffa8e9e238f710e2b5ce46c21de499f83ca764477fdab6
-
Score
10/10
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-