General
-
Target
956077f1fd25f5a028cb77525736d4849858aa39f0350f4964ae5b6545942309
-
Size
471KB
-
Sample
230129-yhk9hsbd35
-
MD5
054029d409f0924a06a72f86e93f6145
-
SHA1
386806b7e3dc9d9fce51315f12ede269f29f96a9
-
SHA256
956077f1fd25f5a028cb77525736d4849858aa39f0350f4964ae5b6545942309
-
SHA512
f1cda14943f439f9629d4690890ea87d0ec416fe08a8eac36fcdc711c45469083463c8b6d3f4ae11b8add75339b18be337e98d82a179e984faf5a1d0cd4f868e
-
SSDEEP
6144:h2n8KahFe1iPwAKmQoe6bvTumX8Zhq43Rob+7lhd8kxsVdQuFkvd:wn8vhFe127QoJ7KWyh/obO3d8DV5kvd
Static task
static1
Behavioral task
behavioral1
Sample
956077f1fd25f5a028cb77525736d4849858aa39f0350f4964ae5b6545942309.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
956077f1fd25f5a028cb77525736d4849858aa39f0350f4964ae5b6545942309.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://51.195.53.221/p.php/ZtkNeeK6C94X6
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
956077f1fd25f5a028cb77525736d4849858aa39f0350f4964ae5b6545942309
-
Size
471KB
-
MD5
054029d409f0924a06a72f86e93f6145
-
SHA1
386806b7e3dc9d9fce51315f12ede269f29f96a9
-
SHA256
956077f1fd25f5a028cb77525736d4849858aa39f0350f4964ae5b6545942309
-
SHA512
f1cda14943f439f9629d4690890ea87d0ec416fe08a8eac36fcdc711c45469083463c8b6d3f4ae11b8add75339b18be337e98d82a179e984faf5a1d0cd4f868e
-
SSDEEP
6144:h2n8KahFe1iPwAKmQoe6bvTumX8Zhq43Rob+7lhd8kxsVdQuFkvd:wn8vhFe127QoJ7KWyh/obO3d8DV5kvd
Score10/10-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-