General
Target: 4903234c2fb9d8687338b239eed1f7dabbc0e17961b6f062fcfd2d2a41c01fdd
Size: 468KB
Sample: 230129-1f1mjafb4w
MD5: cdb547dad4e68995a341487ee1377048
SHA1: fbc7a06415fcb575209b563c7cfeb73956cc907d
SHA256: 4903234c2fb9d8687338b239eed1f7dabbc0e17961b6f062fcfd2d2a41c01fdd
SHA512: 6a4bb86631421be00b8af5f54a5426fcd3bf74d604b01b566ceed5abf88159f03282b5c28fb59fad5b62f1379bfcfe27438866c0c5d0408e77bfa903bcb85da0
SSDEEP: 12288:hkgGyl5ncDwPonQpYNu7ZuyxByp4qZ0SKDm9q8KvEM:VlNc8PonqWQukAb/xho
Static task: static1
Behavioral task: behavioral1
Sample: 4903234c2fb9d8687338b239eed1f7dabbc0e17961b6f062fcfd2d2a41c01fdd.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 4903234c2fb9d8687338b239eed1f7dabbc0e17961b6f062fcfd2d2a41c01fdd.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://cyrpbrotlimeklim.sytes.net/Oildjfirm/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
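The five C2 URLs above are the actionable network indicators in this report. The four /alien/fre.php hosts are the hard-coded URLs seen verbatim in many LokiBot builds, while the sytes.net panel is the one specific to this sample; all five are worth blocking and alerting on. The following Python is an added example, not code from the original report or from the sandbox: it reduces the list to host/path pairs, emits one Suricata rule per C2, and runs the same host-and-path match over a constructed proxy-log excerpt (the log format, client IPs and the sid range are assumptions).

```python
"""Turn the LokiBot C2 list from the sandbox report into network indicators,
emit Suricata rules for them, and check constructed proxy-log lines.
Added example; not part of the original report or of the sandbox."""
from urllib.parse import urlsplit

# The five C2 URLs exactly as extracted from the sample's configuration.
LOKIBOT_C2 = [
    "http://cyrpbrotlimeklim.sytes.net/Oildjfirm/Panel/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Constructed proxy-log excerpt (hypothetical format: "<timestamp> <client-ip> <url>").
# Line 3 upper-cases the host to show that matching is case-insensitive; line 4
# reuses a C2 host with a different path and must NOT match.
SAMPLE_LOG = """\
2023-01-29T10:01:02Z 10.0.0.5 http://kbfvzoboss.bid/alien/fre.php
2023-01-29T10:01:03Z 10.0.0.5 http://www.example.com/index.html
2023-01-29T10:01:09Z 10.0.0.7 http://CYRPBROTLIMEKLIM.sytes.net/Oildjfirm/Panel/five/fre.php
2023-01-29T10:01:10Z 10.0.0.7 http://alphastand.top/other/fre.php
"""


def to_indicators(urls):
    """Reduce each C2 URL to a (host, path) pair. Hosts are lower-cased so they
    compare equal however the client wrote them; paths are kept as-is because
    the gate script name (fre.php) and its directory are the useful part."""
    pairs = []
    for url in urls:
        parts = urlsplit(url)
        pairs.append((parts.hostname.lower(), parts.path))
    return pairs


def suricata_rules(urls, sid_base=1000001):
    """Build one Suricata (5.x+ keyword syntax) rule per C2 URL, keyed on the
    normalised http.host and http.uri sticky buffers. The HTTP method is not
    constrained because the report does not state it. sid_base is a placeholder
    (assumption) that must be moved to a free range in your own ruleset."""
    rules = []
    for sid, (host, path) in enumerate(to_indicators(urls), start=sid_base):
        rules.append(
            'alert http $HOME_NET any -> $EXTERNAL_NET any ('
            f'msg:"LokiBot C2 check-in to {host}"; flow:established,to_server; '
            f'http.host; content:"{host}"; http.uri; content:"{path}"; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
    return rules


def match_log(lines, indicators):
    """Return (line_no, host, path) for every log line whose requested URL has
    the host AND path of a known C2. Blank or malformed lines are skipped."""
    wanted = set(indicators)
    hits = []
    for n, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 3:
            continue
        parts = urlsplit(fields[2])
        if parts.hostname is None:
            continue
        key = (parts.hostname.lower(), parts.path)
        if key in wanted:
            hits.append((n, *key))
    return hits


if __name__ == "__main__":
    for rule in suricata_rules(LOKIBOT_C2):
        print(rule)
    for hit in match_log(SAMPLE_LOG.splitlines(), to_indicators(LOKIBOT_C2)):
        print("C2 hit:", hit)
```

Matching on host plus path rather than on the bare hostname keeps the rules from firing on unrelated traffic to a shared dynamic-DNS domain such as sytes.net, at the cost of missing a panel that moves to a new directory; if you want the broader net, alert on the host alone at lower severity.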
Targets
Target: 4903234c2fb9d8687338b239eed1f7dabbc0e17961b6f062fcfd2d2a41c01fdd (same file as under General: 468KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed there)
Score: 10/10
Signatures:
CustAttr .NET packer: detects the CustAttr .NET packer in memory. The file on disk is a packed .NET loader wrapped around the LokiBot payload, so the hashes above identify only this packed build; a repacked copy of the same payload will not match them, whereas the C2 URLs and the behaviours below carry over.
Accesses Microsoft Outlook profiles: consistent with LokiBot's harvesting of stored mail-client credentials.
Suspicious use of SetThreadContext: the API used to point a suspended thread at injected code (process hollowing); here it is most likely the step by which the .NET packer hands control to the unpacked native payload.