General
Target: 68ecbd38d909725551e2fd279f8f2e4e68cb2e3614856007cb546007ac408843
Size: 1.5MB
Sample: 230129-x4vjmsag73
MD5: 5ad4d5c4d199e5a667d0f4bfbf91a933
SHA1: 2b683198abdcbf1e0854ecde9fd2e1e4c7dbb5c1
SHA256: 68ecbd38d909725551e2fd279f8f2e4e68cb2e3614856007cb546007ac408843
SHA512: f61ad94a3a06636e64a42bdb8ac3f2d6453f01373ae53b5f3c26a912a0434f6cdf47a2b29c2b8f7516e63c4527c0760b3d43938beb45a5fb708237da7eba5545
SSDEEP: 24576:+dI4r8MZ6RGuKfwBoEZYt6XYo3PPdLalx:97dHXYsL
Static task: static1
Behavioral task: behavioral1
Sample: 68ecbd38d909725551e2fd279f8f2e4e68cb2e3614856007cb546007ac408843.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 68ecbd38d909725551e2fd279f8f2e4e68cb2e3614856007cb546007ac408843.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://51.195.53.221/p.php/UjL7jh4u2t3CH
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 68ecbd38d909725551e2fd279f8f2e4e68cb2e3614856007cb546007ac408843
Score: 10/10
CustAttr .NET packer: Detects CustAttr .NET packer in memory.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext