General
Target: f39f40001ad8e45df9e7e75c00cbb15734d735390885ea7320c8786c6445a3e6
Size: 701KB
Sample: 230124-dm9sfsge83
MD5: 76a57b59e3127cb6e7b485bc951431c0
SHA1: 088dd69387f349864ace0b8b3f36d88ad4bf9da9
SHA256: f39f40001ad8e45df9e7e75c00cbb15734d735390885ea7320c8786c6445a3e6
SHA512: 7cc749c1e4131e87b646f3833cbbc35150ff272055cf68a22ed507d25e703ca37236d9c747bf0be5d269d8517d8aea3eb3e1657d3c80d837d52ee60d1288cf3d
SSDEEP: 12288:CxEOxdueiDit2iNUdrn4LD6E4wEnEjStRXloLtbfIFHl/VH1h2pX+oNa:CxEO77t1GF06E8ISPXloLtrIFHltH/d
Static task: static1
Behavioral task: behavioral1
Sample: f39f40001ad8e45df9e7e75c00cbb15734d735390885ea7320c8786c6445a3e6.exe
Resource: win10-20220812-en
Malware Config
Extracted
lokibot
http://171.22.30.147/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: f39f40001ad8e45df9e7e75c00cbb15734d735390885ea7320c8786c6445a3e6
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext