General
-
Target
E800 quotation20111209.exe
-
Size
544KB
-
Sample
221128-nc5qvsea8y
-
MD5
0fed12b57027afb01e9c51b0b17e4e99
-
SHA1
2a6725fb1962ee6e741bd644eb46ab8e53188dab
-
SHA256
b1aa0b5c10d7fe23e10ae6796fd1f83b8772d4e5257a80f7bc7cf96222166887
-
SHA512
80977813d0e645cdb4d51e315a24f66785df0ca722d7ce9969707bf06873cbf6974c0bb02a9cf819da1b858197f138f29f4e603a461c83cd0443486c5de46259
-
SSDEEP
12288:sAchpbKbfysNoV+PRNFwQHC4oaf5IdcX+:sz7bKWGoV+PnFwQi4ojc
Static task
static1
Behavioral task
behavioral1
Sample
E800 quotation20111209.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
E800 quotation20111209.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://sempersim.su/gm18/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
E800 quotation20111209.exe
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-