General
-
Target
8a499e05589f930eb309f2bef2c5a920c675bb7c8675a46b6a0da0dbb3b78292
-
Size
888KB
-
Sample
230121-d2jjtacd3t
-
MD5
f15cf7168d5d33becc22eee77cced430
-
SHA1
fd21eb4c9f05ecc4c29049bd11c3dc30f18ec3c7
-
SHA256
8a499e05589f930eb309f2bef2c5a920c675bb7c8675a46b6a0da0dbb3b78292
-
SHA512
e3c33cbb2677b04741dddfa16e7114d928553c6d8fe83034bb0294d0c76c42e95d9b85a45837a366969ecd25f2f329d7ff1441f8791d8f2a24414afcd2929388
-
SSDEEP
12288:mLNUQ97VQgh/f0BeGJwvioJi9u2XyDRRS8fWLRydcf8w2WRoIU1Gh:mRBbQgh/f0BWdcNy1RSwbceIU1G
Static task
static1
Behavioral task
behavioral1
Sample
8a499e05589f930eb309f2bef2c5a920c675bb7c8675a46b6a0da0dbb3b78292.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://208.67.105.148/zang/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
8a499e05589f930eb309f2bef2c5a920c675bb7c8675a46b6a0da0dbb3b78292
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-