General
Target: 2ae38b888a902e2b34732011d8ff21deb09f226c5e466d69afa5c579b384aff1
Size: 1.1MB
Sample: 220725-c7pscabdc4
MD5: 785b686a38c935755848f52d2469dd8b
SHA1: c5e9cf0014f51e49e76d682d9ef421deef646e63
SHA256: 2ae38b888a902e2b34732011d8ff21deb09f226c5e466d69afa5c579b384aff1
SHA512: c05728981081aee86e08a295d67528c779aaf3003cb06894541f4335b96760d65fd67777fd5566098920e6a2e0643cf1b68dd680eeaa9ae368e734f75709227b
Static task: static1
Behavioral task: behavioral1
Sample: 2ae38b888a902e2b34732011d8ff21deb09f226c5e466d69afa5c579b384aff1.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 2ae38b888a902e2b34732011d8ff21deb09f226c5e466d69afa5c579b384aff1.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
lokibot
http://107.175.150.73/~giftioz/.zofoder/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
2ae38b888a902e2b34732011d8ff21deb09f226c5e466d69afa5c579b384aff1
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext