General
Target: b5ba4eaf57db9c19bc0e704b3d313972.exe
Size: 1.0MB
Sample: 221004-nz5z5sage7
MD5: b5ba4eaf57db9c19bc0e704b3d313972
SHA1: 063e22cdf48221f7a040fe38b8ac3c3d2caa1a95
SHA256: 132b2bec8d938eeff8eaa559349a7a2a272a957fef0e4f3e9bcb4241eadf7e68
SHA512: 37c7ae157883c2f74b3d9f510a86ea1562a46b3e5ab050a7078ec5bb6efc0a64649361ebe38fbe467bdd189fcfaf9e4b1731694620585a873e30938460a27734
SSDEEP: 12288:9fO58lLnM6azXzZ2EBe6ZkdkchAi1jofnCR/dr5H19HUINQEjR9RAhE804rfG0Dv:y8C6qXNtBe6sF1jofCRlr11SARRcE0
Static task: static1
Behavioral task: behavioral1
Sample: b5ba4eaf57db9c19bc0e704b3d313972.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: b5ba4eaf57db9c19bc0e704b3d313972.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://162.0.223.13/?OpqycIYJoIxPvNI7mSRvpEdWbvlzd7L2wbAJUztih08MOR
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
b5ba4eaf57db9c19bc0e704b3d313972.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext