General
-
Target
8f8be2570869e7162851b8460f71be93035fd241900cfedda66771ce7c4d26ca
-
Size
147KB
-
Sample
230124-pjlr1acc2w
-
MD5
cdcbca7a700fdee5246a10aef03525b7
-
SHA1
61a7fcf2d4a51cd208e07394f36aa67a3efe25d6
-
SHA256
8f8be2570869e7162851b8460f71be93035fd241900cfedda66771ce7c4d26ca
-
SHA512
fbe47c44b921e197d367076d6ed41d37a9055043c50993586a9ce84602506b1b6de4b67eb4736fb173cc085e1f87560bfed98ffdb1d2b503d91d49c3a606c431
-
SSDEEP
3072:3fY/TU9fE9PEtuwbkFgPUq8k6IKJ8qzlIsQCWZO8jgrxf3dw1fIkygtLOv7Xf7y:vYa6sCk6JPBIZkv3Cwk0v7Xfm
Static task
static1
Behavioral task
behavioral1
Sample
8f8be2570869e7162851b8460f71be93035fd241900cfedda66771ce7c4d26ca.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
https://sempersim.su/ha1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
8f8be2570869e7162851b8460f71be93035fd241900cfedda66771ce7c4d26ca
-
Score
10/10
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-