General
-
Target
dcfbb5cc6f548adc27d1a3ce25b3d1ca31826bfd
-
Size
309KB
-
Sample
230113-bmdznsge6s
-
MD5
0bab5f57b83a269dd1814c5eff29e477
-
SHA1
dcfbb5cc6f548adc27d1a3ce25b3d1ca31826bfd
-
SHA256
4337ccc0329004c467b984ac20a8f86bf743a3e344900a6fadf4f73b2cfa0446
-
SHA512
34dccc334675189a034f8129edde9848de9c89af999d4b13e9a9a6dda1d346f335e0458799cc8157f5e99d8abb1438c81d0a6632fd4832f34c052868c5729233
-
SSDEEP
6144:NYa6Cg33NTReufO0F7hvil+0rUwD9h39geKEzXi1H:NYF3v1maviDUwD9geS1H
Static task
static1
Behavioral task
behavioral1
Sample
dcfbb5cc6f548adc27d1a3ce25b3d1ca31826bfd.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
dcfbb5cc6f548adc27d1a3ce25b3d1ca31826bfd.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://171.22.30.147/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
dcfbb5cc6f548adc27d1a3ce25b3d1ca31826bfd
-
Size
309KB
-
MD5
0bab5f57b83a269dd1814c5eff29e477
-
SHA1
dcfbb5cc6f548adc27d1a3ce25b3d1ca31826bfd
-
SHA256
4337ccc0329004c467b984ac20a8f86bf743a3e344900a6fadf4f73b2cfa0446
-
SHA512
34dccc334675189a034f8129edde9848de9c89af999d4b13e9a9a6dda1d346f335e0458799cc8157f5e99d8abb1438c81d0a6632fd4832f34c052868c5729233
-
SSDEEP
6144:NYa6Cg33NTReufO0F7hvil+0rUwD9h39geKEzXi1H:NYF3v1maviDUwD9geS1H
Score10/10-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-