General
Target: 583b316e6de1c82a372f4bb7c8f49c1a.exe
Size: 335KB
Sample: 230119-dlrkgsdf57
MD5: 583b316e6de1c82a372f4bb7c8f49c1a
SHA1: 27931c3fc5e38a68364cc3544b380ebe55a675c6
SHA256: 101d8857d8ca67256ce3fd72da19bc291045403bed786495aa916a572a780db5
SHA512: 85a57f35cf7f06770b932af1d9909612ac87273a36755220c25a9ad01c2ba46e608608c847c9142809285c228e62b2ffb0b1bb8124d0d2a195e0f2d3815a7c75
SSDEEP: 3072:ufY/TU9fE9PEtuEssssssS5ePlb/2w433sK+mk29NwhJABYymPDTeo30bB+QuOdj:YYa696E3kJhJoYnD6o5rOds8Q2LH
Static task: static1
Behavioral task: behavioral1
Sample: 583b316e6de1c82a372f4bb7c8f49c1a.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 583b316e6de1c82a372f4bb7c8f49c1a.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://171.22.30.147/cody/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 583b316e6de1c82a372f4bb7c8f49c1a.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext