General
Target: b11ba73cc918595cef15c54a151c823fdf597f8681ee486a21f2e83ae1f7e52d
Size: 894KB
Sample: 230129-1wkagsed86
MD5: 0874baecefc1303596be78cc68453c54
SHA1: 9b27f4e87b858ba7bfc4bd12dc95d57558824d9a
SHA256: b11ba73cc918595cef15c54a151c823fdf597f8681ee486a21f2e83ae1f7e52d
SHA512: 0e7f964dddcf242f4502b39aad4455692197aca2996ddb82e08a48456397bc4806b661fcec41b6bd32927d45c96dd41a33bdf782795bf2f894f37efd4a418b5c
SSDEEP: 12288:2YV6MorX7qzuC3QHO9FQVHPF51jgcL5V3jBWhHVusACuWdaot4j7TWrrkQ4Jd31S:1BXu9HGaVHbTAhHiCxdaoJkXJMX1
Behavioral task: behavioral1
Sample: b11ba73cc918595cef15c54a151c823fdf597f8681ee486a21f2e83ae1f7e52d.exe
Resource: win7-20220812-en
Malware Config
Extracted
lokibot
http://no2endr.xyz/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Drops startup file
-
Accesses Microsoft Outlook profiles
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext