General
-
Target
SecuriteInfo.com.Win32.CrypterX-gen.16598.12230.exe
-
Size
816KB
-
Sample
221129-kfvtaafd91
-
MD5
3348f7effdf74f685b0f51e6615efd60
-
SHA1
cfdb0559da6e68fbcfe4e9c46b58acd0218bca20
-
SHA256
f08e7e8e2b6c2f0c7595f95a9d51bf6b1c62107a7d0286037b59f33e03a23c13
-
SHA512
4e9546d0e5ba73cd577f321ab848185287c1f52fe09d8c17fd70bee047dc5d0e1edb11d740c89da7dc1c734e354464db9864c56f4c038cae55ac048503f3a437
-
SSDEEP
12288:8cKqU+C5BhASeAVTgJHiLL+oDKf44HitBquPPexiiyJsms/4LnDdzoa1cfN:FYWSeg3+bHiDexoJzjDdEPf
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.CrypterX-gen.16598.12230.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.CrypterX-gen.16598.12230.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://157.245.36.27/~dokterpol/?page=081599145
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-