General
Target: f98faf03ba802e5b99c10fdfa94dfc49c1a678526a5a23d9b9bc1136fc5c664b
Size: 150KB
Sample: 230129-xvlv5sad53
MD5: 7beb8b29bdd2bbda9c1cfffc4c738e42
SHA1: 8cd5ea58f39d335d51216e02984c0362b845aa01
SHA256: f98faf03ba802e5b99c10fdfa94dfc49c1a678526a5a23d9b9bc1136fc5c664b
SHA512: 470ced42f89af58e8a63b809f9025d3f7e96c5b9dfb1bb371ce2879f7465dc782873beda5ddd6edac496663dccb3a7772a8d2e22c13a234988074c8662e3d116
SSDEEP: 3072:5f1BDZ0kVB67Duw9AMcAbGYlTHvOiNcNfsR0m6wK9Vh5lszjYbZRr0f8T2g:59X0GKG8pSGKmUh7s/oAjg
Static task: static1
Behavioral task: behavioral1
Sample: f98faf03ba802e5b99c10fdfa94dfc49c1a678526a5a23d9b9bc1136fc5c664b.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: f98faf03ba802e5b99c10fdfa94dfc49c1a678526a5a23d9b9bc1136fc5c664b.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://51.195.53.221/p.php/S7zr5v1fXI3Rb
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: f98faf03ba802e5b99c10fdfa94dfc49c1a678526a5a23d9b9bc1136fc5c664b
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext