General
-
Target
166a7ab059b6eb18c68de7bafed0bd5203cbed1836a0e0baa3b2735410569130
-
Size
1.1MB
-
Sample
221004-p42c7abaa3
-
MD5
32ed364f1d7cb16728c2b328f708756b
-
SHA1
9dd373e5c705bff0b0a19b96ecb4267f03beae0a
-
SHA256
166a7ab059b6eb18c68de7bafed0bd5203cbed1836a0e0baa3b2735410569130
-
SHA512
67c5b21909fd74fa50b1d75eda60f07307bcb255c88db8a7bc968e100089776194422a90424027f594d005ef64078f519cf8148568349a6f620349300fb80517
-
SSDEEP
12288:m1s7K4HTNs2GHO4EY9z3d/FUz2GGSxls7uKoXMwOJG8H1JJfXxRy:EwG/Emz3d/ufO7HwOJGSJfhRy
Static task
static1
Behavioral task
behavioral1
Sample
166a7ab059b6eb18c68de7bafed0bd5203cbed1836a0e0baa3b2735410569130.exe
Resource
win10-20220812-en
Malware Config
Extracted
lokibot
http://208.67.105.161/donstan/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
166a7ab059b6eb18c68de7bafed0bd5203cbed1836a0e0baa3b2735410569130
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-