General
-
Target
SecuriteInfo.com.Trojan.TR.Dropper.Gen7.29559.17265
-
Size
103KB
-
Sample
221125-f66w1sdh45
-
MD5
8dfc2d76f99bb224a5eea8225965b810
-
SHA1
caa3f7639ab9cac686bc3b98b92cc33727bb7902
-
SHA256
381aebc010648c0364dc66d2c75dcc32c75b50b9749ac991fb33d630dd10c463
-
SHA512
28024cab1166b9397b46be17d9fef0f6e1caf54c0fdd79b3fb331971f86f8cf0233f96f0e91114a1571d5ff6b749b84fe9e4bff17766bc24a94ab4133d50a9a4
-
SSDEEP
768:/T8YUSJd9uY4dW2UPQE3OVxJYwvrVhf2GLLPWdNduyo7p5:/T8YUsaW2Uv3O3JYGfLWdNduykz
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.TR.Dropper.Gen7.29559.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.TR.Dropper.Gen7.29559.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
https://segoremlolgv.cf/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
SecuriteInfo.com.Trojan.TR.Dropper.Gen7.29559.17265
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-