General
-
Target
9d1ef7527f27870acabb3066ff486e312887c5f3e34578da8729b2b460c66acd
-
Size
289KB
-
Sample
230119-a17cpsag8v
-
MD5
b9b8dd22b7c9f62e75991a3b73e17e2c
-
SHA1
fa60401daeb0fcb9e4e78d046cf0591275485d40
-
SHA256
9d1ef7527f27870acabb3066ff486e312887c5f3e34578da8729b2b460c66acd
-
SHA512
7718cfc1b407343061a1adcdc480b55e91ce2efcbffbadf6a76a4aa4e77611944cf3921b808a16efa1f27410b2be74b457f5932c61ce8235eac5d7f772ce9cb5
-
SSDEEP
6144:oYa6A0GkCpOZRAHyFgPgd+UjtFsFo14K4:oYW0GkCwZrF0UjtuFoa3
Static task
static1
Behavioral task
behavioral1
Sample
9d1ef7527f27870acabb3066ff486e312887c5f3e34578da8729b2b460c66acd.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://171.22.30.147/cody/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
9d1ef7527f27870acabb3066ff486e312887c5f3e34578da8729b2b460c66acd
-
Score
10/10
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-