General
-
Target
dba09c71b53f5ec9eb4d0e059cc29eaf.bin
-
Size
262KB
-
Sample
230120-rav1esba86
-
MD5
3f5ca7eb98dbef04201323fa9029d769
-
SHA1
79c731fe7c1eea04b7b0912d8547de7ee8219df5
-
SHA256
3e8f39fc47fb6d3c3318433bf057c9cf9019088007d0b3ec09716217f084cb10
-
SHA512
3bbcf6ebb0158635b5bf21dfefadd2ec8bbcc05d34aba9faba4fadff9f065a038b2cc2326b2a3d0d2330f6d7886f28c9821a76388f45c620c4b3412094837d61
-
SSDEEP
6144:31ULmnaXqAXAJDGtYQw/F8214YH76dwlBOAm6bS43dz7H:3EmnbpGtE8214YuilB9jbv3dHH
Static task
static1
Behavioral task
behavioral1
Sample
1c99a914285fd2e4bbf9c25627a9155db90d7859a1e17e127eb29ba0adc4ae0b.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
1c99a914285fd2e4bbf9c25627a9155db90d7859a1e17e127eb29ba0adc4ae0b.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
lokibot
Targets
-
-
Target
1c99a914285fd2e4bbf9c25627a9155db90d7859a1e17e127eb29ba0adc4ae0b.exe
-
Size
379KB
-
MD5
dba09c71b53f5ec9eb4d0e059cc29eaf
-
SHA1
7515c48f24456ab7f9ee1d10fc70fe9cbe1eabe2
-
SHA256
1c99a914285fd2e4bbf9c25627a9155db90d7859a1e17e127eb29ba0adc4ae0b
-
SHA512
6a7eb3f81e551ada99d731c78f3ac668ca9ed12b94201539d4045a4fa3ae2882f2e02d6f29153869f80b31f7befcb71a16243206736d247975c51907c7cda3f8
-
SSDEEP
6144:3Ya6aLpG6rcP9Dbs/ObH2qcKfmRasX27vTv3O0ajq7p5LgOq6xqUlRg:3YMLpXro9vmRRX2LTv3Op2piWxqUg
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-