General
Target: 12300584A35F1DC859CC555922B48319E69C7D5E6FE83.exe
Size: 372KB
Sample: 221004-fjjszachh9
MD5: 91fcd9b4a278bf6d1814ae31e2b01a2c
SHA1: 547e8beb15eef49ba96fc56df4f3ca69c60b13a0
SHA256: 12300584a35f1dc859cc555922b48319e69c7d5e6fe837f6b12f573e6149a7cf
SHA512: 1cf534ee4f7db5734d455645d474af4d76ebcec318676d51d73decd824d6f7731de11a74820ac58458466aa7b25d7749ea2b4d9eb26a57f0b2d81ce99badc789
SSDEEP: 6144:HpMzdwUctzG3FZuiXHsD3RgVnnGnlijISGOWB4EIxChnQktIbMV8D3I:JeqzG1ZuiXORgVnnGnEhGOWuEMChnQkC
Static task: static1
Behavioral task: behavioral1
Sample: 12300584A35F1DC859CC555922B48319E69C7D5E6FE83.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 12300584A35F1DC859CC555922B48319E69C7D5E6FE83.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://svmarketingindia.com/wp169/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 12300584A35F1DC859CC555922B48319E69C7D5E6FE83.exe
Score: 10/10
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext