General
-
Target
tmp
-
Size
810KB
-
Sample
230127-pg3mqsbh3t
-
MD5
c5bafe3458d291bf09cd412eae71d481
-
SHA1
bc510c22a532cace309eb7c94208c4e8649c030f
-
SHA256
8ac633cce1e7ca43e127cdb82ebb3fde7defd23d7a59daf3394a2e57a3a61048
-
SHA512
d262b7898f409fbae29ee221c325589b9717d3f36cbf2f4350aa01c998c00828fa78145f6883f44faf09e6d624815f68fb794380658b45394e3129d9d37ac7fe
-
SSDEEP
12288:GoStTmHkFrVbS45nJpaqnSnnlAhFGYQeAF7K5NrKOa3RHgkDuZk08bk53j:GtkkFrBS4ZCnlCFGYoBK5FaZg/k0
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://171.22.30.147/line/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
tmp
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-