General
-
Target
bebd6ef2da61bf1bf472df8e69c8c64c7f8b6907af2e246bea91cbe7f877169e
-
Size
674KB
-
Sample
230124-t8yv3scf85
-
MD5
49d4f183fc8098c2b5d2394d0a08c6d7
-
SHA1
9ccbeddfbefa0b04ed26016e47766b1e53dceed0
-
SHA256
bebd6ef2da61bf1bf472df8e69c8c64c7f8b6907af2e246bea91cbe7f877169e
-
SHA512
6fc1a0b34870fa2a36700157757312e6dca30839e7f4ab45cacb10f2d9712dcf07402ea2577018ee9398422012266c0a6603547e6e1228178ca3e1e23bd95da0
-
SSDEEP
12288:1+t4bNMtEwcU3gZ+GQzjkATGds2WihOCCncPJmru3mVjoLz7mFwHOYTr:aGN6AAgZbQzlGoiUCCcYCkpwHX
Static task
static1
Behavioral task
behavioral1
Sample
bebd6ef2da61bf1bf472df8e69c8c64c7f8b6907af2e246bea91cbe7f877169e.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://171.22.30.147/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
bebd6ef2da61bf1bf472df8e69c8c64c7f8b6907af2e246bea91cbe7f877169e
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-