General
Target: f45bce88d58814044801c0fde5b0bf7b.exe
Size: 1.1MB
Sample: 221004-ngkw9abafk
MD5: f45bce88d58814044801c0fde5b0bf7b
SHA1: 77a18f581f72792988a63e6ebf96f6d3815586e7
SHA256: b52caedea6346141b5c469c02ececbd7ed08ea9b04ceef80dac35c6cae4e946e
SHA512: 5c6583069d8e45d8d4bf5842a957d093e68c010356a30629cbba895a53df22927c8f1f25d65449f58a2808a964849180d0c569ab955ecc74df60bacac77483f8
SSDEEP: 12288:Qf0K4HTN9LyxU9OmJ3t9sthNOJH1Vio+5d0/eeEmKQ1BvQbBtjiXidhTvFrVDAK:1yxUEmJXsIJH7AiLKgIdliX6TvFrVDA
Static task: static1
Behavioral task: behavioral1
Sample: f45bce88d58814044801c0fde5b0bf7b.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: f45bce88d58814044801c0fde5b0bf7b.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://208.67.105.161/donstan/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
f45bce88d58814044801c0fde5b0bf7b.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext