General
-
Target
9446c3894b1201e4afbcb07d69ebb548.exe
-
Size
1.0MB
-
Sample
221004-jjnnpsabaj
-
MD5
9446c3894b1201e4afbcb07d69ebb548
-
SHA1
7a548605dd8825b6afc0cd031d002f071005016f
-
SHA256
e0fe12504cc638820796299a68a761cfad56c38c3390f6ac010b40eb8daec63c
-
SHA512
17527838bf8e7f47dbd5f353beb63dfa07cc28cc8fec50099061acc83055ca55bad6cbf91206a006fd9d52088a0820765e3f314b196dd3da9420643a80c421e1
-
SSDEEP
24576:bQwA+gbMqiGOpqkMB/7wT1dzHFEkplH2:bQwA+eOp3a/7wzlEkp
Static task
static1
Behavioral task
behavioral1
Sample
9446c3894b1201e4afbcb07d69ebb548.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
9446c3894b1201e4afbcb07d69ebb548.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://162.0.223.13/?OpqycIYJoIxPvNI7mSRvpEdWbvlzd7L2wbAJUztih08MOR
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
9446c3894b1201e4afbcb07d69ebb548.exe
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-