General
-
Target
2da909ad3c9a5533872aef49d36d4ff2bd34c867bfc7079d9ded046f4f3f25e9
-
Size
412KB
-
Sample
230129-1f5aqadf55
-
MD5
bbec222b8fad51bd86a5d20e8d25d63c
-
SHA1
eda1757dfb6158765be5edb108af348cf8f6a11c
-
SHA256
2da909ad3c9a5533872aef49d36d4ff2bd34c867bfc7079d9ded046f4f3f25e9
-
SHA512
e98ef3c1a8f1f16c6891be58f63871ae3775b2144003761ff6b632c976a10fa25d7d2a0b0e208bc6d615a1affa5027389dea9e931afebef04b17e2dcb365bec9
-
SSDEEP
6144:cmCwAA8ejFkg6GG1Xtyi87O+HL8D5uYcLca0DtoHAwzc1lY/qp8llUW:cLbAJFkDGKXtyiuC2wpkc1lOLUW
Static task
static1
Behavioral task
behavioral1
Sample
2da909ad3c9a5533872aef49d36d4ff2bd34c867bfc7079d9ded046f4f3f25e9.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
2da909ad3c9a5533872aef49d36d4ff2bd34c867bfc7079d9ded046f4f3f25e9.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://opdebeeck-vvorth.com/f3/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
2da909ad3c9a5533872aef49d36d4ff2bd34c867bfc7079d9ded046f4f3f25e9
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-