General
Target: vbc (6).exe
Size: 137KB
Sample: 221128-jvsrsscf5z
MD5: 47add7d8c9c3e7f58d7630ebb3c6e72a
SHA1: 0f9b2420eef4a62066161faafbd5794f7241e5db
SHA256: 92f02267b83e00b83065045722c1a7824debe30a5ca361970ad83013132b92af
SHA512: ad69926161b497339b7462a3a65c500bc559f513fd004b7d7fe6f63d65ceb5edb0df0b98ba84bc88b1c00b56ad197d331d1431492d2d51a84544e46cfb803741
SSDEEP: 3072:QEhKzShSycSMm0MTgSo/C+Nc0JBCeEjvSGWYU4aBaSH1QOVYZc:QBn1FigAGLEj5Wh4aBaQ66YZc
Static task: static1
Behavioral task: behavioral1
Sample: vbc (6).exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: vbc (6).exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://208.67.105.162/soft/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: vbc (6).exe
Size: 137KB
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext