General
-
Target
6bd5bbea9b02d99f157e191dbdfe2d772498c3443496738e2c8d92a9617a099e
-
Size
1.0MB
-
Sample
221004-nyhs8aage4
-
MD5
98d09abc36800d204fd55df87679ffb9
-
SHA1
4b02b3b59c0cde3b4dcfeb17c3921ac419a7ebe3
-
SHA256
6bd5bbea9b02d99f157e191dbdfe2d772498c3443496738e2c8d92a9617a099e
-
SHA512
1ba1ebfae1a46564e85d6bb29cc63a132b49efd40d6569dd06600cb6d28463fb3ba7c363cba4284798962fe3359a33458c1d40939812b64d93bbea0325a7cb92
-
SSDEEP
12288:kj+Os4K4HTNanseaQRlHVF7NKViqyqHUP+BYFAaxXeH4N4eXb:NXaQjb7ciwUP+B2LAH46eX
Static task
static1
Behavioral task
behavioral1
Sample
6bd5bbea9b02d99f157e191dbdfe2d772498c3443496738e2c8d92a9617a099e.exe
Resource
win10-20220812-en
Malware Config
Extracted
lokibot
http://162.0.223.13/?OpqycIYJoIxPvNI7mSRvpEdWbvlzd7L2wbAJUztih08MOR
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
6bd5bbea9b02d99f157e191dbdfe2d772498c3443496738e2c8d92a9617a099e
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-