General
Target
SecuriteInfo.com.Win32.PWSX-gen.29364.5269.exe
Size
631KB
Sample
221128-f6j29adf2x
MD5
3c55be24b4e017ee1e004185adc6067b
SHA1
5131c45dc0c0eb83c4ebd22e2bd2edeafd951adb
SHA256
acdbb288983f19bd882bc9962cbf1d4cabe3cdfb67a25de5a69b935d60a57df5
SHA512
7815bdfd18cc805cea7c9bfddb3754ecc6788ec56a020df8e69fe2809021d43aad13407c9d5fc3e16d23030014794dacface1426221a987bcd4682294c9e233c
SSDEEP
12288:1qn3xieodhttPud88tmv8vKlWtJ9Db25O5KjwlE5JQ38fFz6TUfXx05na7D/7b9c:kodGtZneyE5O38fFz60qJKjn
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.29364.5269.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.29364.5269.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://171.22.30.147/line/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
SecuriteInfo.com.Win32.PWSX-gen.29364.5269.exe
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext