General
-
Target
992865ed84c4a800e3947eb227ed08783c8bce61cb99aad66ec4a8cfc0a263d7
-
Size
663KB
-
Sample
230129-yagw5ace2v
-
MD5
98afc7591b9f631cf6c614fa221c2d9f
-
SHA1
a12d98db4bc384e005ba290a3dd77d1177d130f7
-
SHA256
992865ed84c4a800e3947eb227ed08783c8bce61cb99aad66ec4a8cfc0a263d7
-
SHA512
1a16ddb3896d0d228fdce441a2f2ef1ce3e017f2e20d932987489e5cc6c9e6c0faecac8733038212838e4f81c57204c87d75c7c8273a0613e504b5b060c81033
-
SSDEEP
12288:F1GQyrJDLvVtVSn1Ube5HFNI/HRX+yvqPUnR9pVAV8EB:CQyrJnp+mO+vqPUnJCV
Static task
static1
Behavioral task
behavioral1
Sample
992865ed84c4a800e3947eb227ed08783c8bce61cb99aad66ec4a8cfc0a263d7.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
992865ed84c4a800e3947eb227ed08783c8bce61cb99aad66ec4a8cfc0a263d7.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://fakeme.us/Panel/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-