General
-
Target
WS-NEW ORDER OCT 03.exe
-
Size
876KB
-
Sample
221003-p3gmdsgba7
-
MD5
bb6a85f8eeac0a92d4298efd5d2e5dd3
-
SHA1
04cb2fa896febb58b1a5f46bde500c1cacbfb5ab
-
SHA256
ef6e645afe538a63e44508816e3ac47126452043a5979c37bf0470e924412295
-
SHA512
3783da3f29dcf7ef549a861f2735d6510fed5cb0e6f06c8d7f2a324a518d89fc39744f35d4bbe775fe00ef95f2a0bc80f78c2abde5b62f1aa21835a4f77c76ba
-
SSDEEP
12288:D1g2ktLLoRVqMuK0CG9FJeb9nWaVv/W0K4HTN:pE/gaCG/kWap/W
Static task
static1
Behavioral task
behavioral1
Sample
WS-NEW ORDER OCT 03.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
WS-NEW ORDER OCT 03.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://171.22.30.147/jungletwo/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
WS-NEW ORDER OCT 03.exe
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-