General
-
Target
e6cf7e6ea06ad8ab2297af8e48c80dce.exe
-
Size
773KB
-
Sample
221005-m5ppnsebc7
-
MD5
e6cf7e6ea06ad8ab2297af8e48c80dce
-
SHA1
ba8bc90aafde7a77baeeec3c3f77f0a0f5555b6e
-
SHA256
38a47f77600d327589d62e4d015ead4e2ae7f454f5037e4e523968961ddc16b4
-
SHA512
c6ff7900d3459ea072df3033fd27ae75cc5449f84d4ac36c83a326884211fc136ebffb10e331ac6786e6368dd93b7c6d03593b6aba4d463aef23cf081ac05596
-
SSDEEP
12288:CR/4veOpYTsZpQQWt65SidUBzt0le/UwelTIt+Nm1iDok6:44veOpwsZhWt6tOMid/oNIiD
Static task
static1
Behavioral task
behavioral1
Sample
e6cf7e6ea06ad8ab2297af8e48c80dce.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e6cf7e6ea06ad8ab2297af8e48c80dce.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
lokibot
http://208.67.105.161/donstan/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
e6cf7e6ea06ad8ab2297af8e48c80dce.exe
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-