General
Target
bee57aa11e0421789d5b85ec6eee862829e387ec8e9883ec50f1c57bb690eb6d
Size
651KB
Sample
230130-phdd8sbh8y
MD5
1c17bd280b477386751954b7ecaf689b
SHA1
1bca38a87bfa56b4574dd0facb71fd136eed07ee
SHA256
bee57aa11e0421789d5b85ec6eee862829e387ec8e9883ec50f1c57bb690eb6d
SHA512
9e04b022d2c204233fb8f43bc566a3e519484be1c1558c7fb5210c711c7c15aa9f1acdeb50c9f7620d3aaa44060bd663cd5b5df713ac8776d6238fceb5cd1efe
SSDEEP
12288:k1QowJTuEG+jC8+ub8xcra4ixbcPrDDxVQxWeh3ih9HMA:k+owdbjC/ZcraLxwDcBYTl
Static task
static1
Behavioral task
behavioral1
Sample
bee57aa11e0421789d5b85ec6eee862829e387ec8e9883ec50f1c57bb690eb6d.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://171.22.30.147/line/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
bee57aa11e0421789d5b85ec6eee862829e387ec8e9883ec50f1c57bb690eb6d
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext