General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.22850.exe
-
Size
872KB
-
Sample
221003-dxf8wsfdek
-
MD5
832e2c5b72a9987d003f6662d8abe274
-
SHA1
720e5a39b2b6a41e1ab53d0b89c0720793b688ee
-
SHA256
61ceb9bb8363e17528ed811b0886a9aa174f5b26fe8e20cf9393d4d2d9df8041
-
SHA512
621523c3e6669424c8530d9af913ab40849d77e86baf109e8d9d19f12f4cc43e1695e6b444ced48596e75acc3b0239ec42971180d7f4053d8059330e1f1f9d61
-
SSDEEP
12288:gZrvNdK4HTNbVUq9qUpih/WfMsHaqDYd9NTZ/xeJv:Ir1aqcGih/W8qDYdTTZ5eJv
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.22850.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.22850.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://162.0.223.13/?5387165893178318742
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.22850.exe
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-