General
-
Target
8c4eb8b13e5ad846d34febd40236f754.exe
-
Size
779KB
-
Sample
221005-sx2bdsega9
-
MD5
8c4eb8b13e5ad846d34febd40236f754
-
SHA1
71029ab778091b627e45de13bd012b868a1dbf13
-
SHA256
828f922f8df83f0a227eab28dfd098eda156d5c286c65cbdf317c97066db3975
-
SHA512
eccff18f0a4f150ca5b70e7331fe598ad859ff65b58cb65525aa1a4c7ec9200ab1e6bf4701db22e7ccbd35f13fc193380fa05fbfaf02e249f0603414d3074de8
-
SSDEEP
12288:jR/4ve7HkJMJaVHVqKX0KY4sGhGPuapeMb0m1scxNEQt0O:V4ve7Hw2anqKX0KXEPneMbXscxNt0
Static task
static1
Behavioral task
behavioral1
Sample
8c4eb8b13e5ad846d34febd40236f754.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8c4eb8b13e5ad846d34febd40236f754.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://208.67.105.162/smart/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
8c4eb8b13e5ad846d34febd40236f754.exe
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-