General
- Target: 5c0c470482707406a0f1fd6b993fde830f6e6e7765fe6e813de75e8ca17da7f4
- Size: 1.2MB
- Sample: 220801-s9hd2sbga9
- MD5: 801f012075fb8f83aa2e8f9d8356347c
- SHA1: ef9a65567cee4f521bf257f068077240338a78b7
- SHA256: 5c0c470482707406a0f1fd6b993fde830f6e6e7765fe6e813de75e8ca17da7f4
- SHA512: 59efd65a14ae34a0eeb607e1ae0b9e703316c41748dd8b3562d9634f56ca1eef9f31e81ea187357a9571f789c1f98db98dbe7e98fc0283906b2a11796d915ca9
Static task: static1

Behavioral task: behavioral1
- Sample: 5c0c470482707406a0f1fd6b993fde830f6e6e7765fe6e813de75e8ca17da7f4.exe
- Resource: win7-20220718-en

Behavioral task: behavioral2
- Sample: 5c0c470482707406a0f1fd6b993fde830f6e6e7765fe6e813de75e8ca17da7f4.exe
- Resource: win10v2004-20220721-en
Malware Config
Extracted: lokibot
http://5.56.133.250/akend/jn/cat.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext