General
-
Target
f6e7c3b2fcd2944e123bc68b46f881d266a5099e36b65a4d3fbc9e04195d603a
-
Size
858KB
-
Sample
230129-z9asjadc93
-
MD5
342ac5fa7bbc97dc1b30194edcb36194
-
SHA1
c228f11363a71e968a798ff9348291968fd4e525
-
SHA256
f6e7c3b2fcd2944e123bc68b46f881d266a5099e36b65a4d3fbc9e04195d603a
-
SHA512
953b12448e2ae40e8c7667178a80083ebdbf528eb6ccee3d32ee0ee51a3235d89dd337100ba708ae6e874d1b4e1a699fe2fdb86287130a3585de369bfaa956dd
-
SSDEEP
12288:XLJYn4y5kSN2GKPv61ig2j78A/VPsPdoAVPas1ZsUDrrxN6pdvUU3dIQbZlcnIKP:6nxi/9P+28AquAVzcUD5NMdvU
Static task
static1
Behavioral task
behavioral1
Sample
f6e7c3b2fcd2944e123bc68b46f881d266a5099e36b65a4d3fbc9e04195d603a.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
f6e7c3b2fcd2944e123bc68b46f881d266a5099e36b65a4d3fbc9e04195d603a.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://51.195.53.221/p.php/ZtkNeeK6C94X6
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score
10/10
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-