General
Target: 94b663af143a52ec5359cfff5de5a8a7bca5c9a137b67cbe0b6e5a934d140b77
Size: 410KB
Sample: 230118-yw88hagg97
MD5: 9cbc533aff85bb22a0c012e58d2a1778
SHA1: 9598a98df4ceac0388e76af0cc39b4fc26700984
SHA256: 94b663af143a52ec5359cfff5de5a8a7bca5c9a137b67cbe0b6e5a934d140b77
SHA512: 0a48ef29983e20250e1ecf1e7e5b682694c1a46c2bbf3c11f28b2bfc92e8d80e346d64db26aea1bf293d2b9ecbc1499cd16e939c3b83c91dce9cf86825481e57
SSDEEP: 6144:oYa6K3bNiLERtuuxfcZHBiRxOij2oG5pT52EPqzbBq:oYw3bcQuuxfc1IMi452EwBq
Static task: static1
Behavioral task: behavioral1
Sample: 94b663af143a52ec5359cfff5de5a8a7bca5c9a137b67cbe0b6e5a934d140b77.exe
Resource: win10-20220901-en
Malware Config
Extracted
lokibot
https://sempersim.su/ha1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 94b663af143a52ec5359cfff5de5a8a7bca5c9a137b67cbe0b6e5a934d140b77
Score: 10/10
Executes dropped EXE
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext