General
Target: 5f11f17441bfdacd2a530cc1271f30134964544dfb3b166f91dd6923712ae6f2
Size: 414KB
Sample: 220731-w1h6rsccak
MD5: 64eb40cdc28a9f3b3847eef14c5a174c
SHA1: a5d0bbefa872d0cd04ef7e10cca1a43c295ff51a
SHA256: 5f11f17441bfdacd2a530cc1271f30134964544dfb3b166f91dd6923712ae6f2
SHA512: 11ecf8bba376c8f0714840da20310e018845c9ea5142595d2dd8c248e31f74b4781e13b99e75822ff96dcadbec28fbc18d0faf7c08d7a49f78c5b7e057ba8177
Static task: static1
Behavioral task: behavioral1
Sample: 5f11f17441bfdacd2a530cc1271f30134964544dfb3b166f91dd6923712ae6f2.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 5f11f17441bfdacd2a530cc1271f30134964544dfb3b166f91dd6923712ae6f2.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
lokibot
http://michelle777.ru/succex/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 5f11f17441bfdacd2a530cc1271f30134964544dfb3b166f91dd6923712ae6f2
Score: 10/10
Executes dropped EXE
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext