General
Target: TUM5653DE463.exe
Size: 774KB
Sample: 221005-m4jf9sebc3
MD5: 46f0f2e2a3af978862925f33fac17437
SHA1: 3404ecb40a143e0f81f04b451986c040c38c0a6d
SHA256: eccc473ca1398efe9c95c25fba6b3d03d4c959bc27635b5fd252528e1bc5bd6f
SHA512: 5c175ad903b3e80ce59a533094ced0545f0ad8a076960e3a7cd5777e3cb5ca2b1de59a1149157b05f03778445e2075c5342f3571770b31997007ff15efedbc8f
SSDEEP: 12288:+/MhzZNcLVMXoLK7XCEkF847XISigtR/4ve:UKmVqEKnd4MSii4ve
Static task: static1
Behavioral task: behavioral1
Sample: TUM5653DE463.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: TUM5653DE463.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://162.0.223.13/?08fequikdahgueq78uc
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: TUM5653DE463.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext