General
-
Target
e2129c0979e137c9a442721f9198c70fdcbdd0356df14a3d4e35c994614d03b0
-
Size
632KB
-
Sample
230124-npvresaf57
-
MD5
5ee569730b9c6e7c0da351e5c4ef3678
-
SHA1
8b5e371ea96eb9b64646bac476db0fabd80775fc
-
SHA256
e2129c0979e137c9a442721f9198c70fdcbdd0356df14a3d4e35c994614d03b0
-
SHA512
d605c62e6a31aaf7edd57e3f4d269450b95fc0fe065fa6c3e6c497646cf059d196b8ab69f2f306ab8f276a0ebdc262bc2cf2bc6faf7f964d8d4ab491a5a1586a
-
SSDEEP
12288:9KmMtEwcU3gZ+GQzjkATGdscU5hlAIhrhG4kEHoPZ/gqdlrr:9P6AAgZbQzlGPU5DAIhcdPZNH3
Static task
static1
Behavioral task
behavioral1
Sample
e2129c0979e137c9a442721f9198c70fdcbdd0356df14a3d4e35c994614d03b0.exe
Resource
win10-20220812-en
Malware Config
Extracted
lokibot
http://171.22.30.147/cody/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
e2129c0979e137c9a442721f9198c70fdcbdd0356df14a3d4e35c994614d03b0
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-