General
-
Target
f78a2b1b7893329cfae8149542b417d5bd94a689f4019a58a6934421ab07a9ce
-
Size
883KB
-
Sample
221005-t8kcpaehd8
-
MD5
d5ff0c7259a4c2bba2031f2eb668cf89
-
SHA1
7d6143525b256048fb0e794cce34ab9a82b46e9b
-
SHA256
f78a2b1b7893329cfae8149542b417d5bd94a689f4019a58a6934421ab07a9ce
-
SHA512
aa0cc6d93b9d311fe2b88abeae079878e726ce6471aed4b484bc803c563ab05c61d30ff8d439cca71066f5760dc54ad34702f02c313b87be73151e7e2cf8ac52
-
SSDEEP
12288:cuuUc2iN0R/4ve+rxN8fKONyJ8y27iC0mp8VNj0KBSft:e1s4ve+rxN8/NsHq90fjo
Static task
static1
Behavioral task
behavioral1
Sample
f78a2b1b7893329cfae8149542b417d5bd94a689f4019a58a6934421ab07a9ce.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://208.67.105.161/donstan/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
f78a2b1b7893329cfae8149542b417d5bd94a689f4019a58a6934421ab07a9ce
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-