General
-
Target
22d9d96fe042841c8a547ab29fbd9e9f68104ad166c6add9f4c597d59f2788f8
-
Size
600KB
-
Sample
221125-b55kcacg96
-
MD5
93df62f2796852e7c6d40994d5603f79
-
SHA1
8cd2b63d2aa9bdfa45cc0813bd117c84b5312b46
-
SHA256
22d9d96fe042841c8a547ab29fbd9e9f68104ad166c6add9f4c597d59f2788f8
-
SHA512
ef084eba78ff4bad010d8e252f195e4d1c332c0f586ee917cd98aa15477d8eb2a5146fa0c4e44bfc4bc1752506d25e1e6cce636c5de4db9b0c902d307a722f95
-
SSDEEP
12288:AcI7rT4tJ6v15YBTfwgC72GfQpjSCYmZJbxpDF:zIXT4t+2V4R72iCY
Static task
static1
Behavioral task
behavioral1
Sample
22d9d96fe042841c8a547ab29fbd9e9f68104ad166c6add9f4c597d59f2788f8.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://171.22.30.164/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
22d9d96fe042841c8a547ab29fbd9e9f68104ad166c6add9f4c597d59f2788f8
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-