General
Target: eff9dc2494f14b6708a540c6a6f094b1f9286545e6d85c78923700933b9411fe
Size: 647KB
Sample: 230130-phdd8sbh8z
MD5: 4c1dd8060697df9261ae84d6a28d457e
SHA1: d6f9d17e217fe9d7845a90cec6be43f01e31d1c5
SHA256: eff9dc2494f14b6708a540c6a6f094b1f9286545e6d85c78923700933b9411fe
SHA512: 8b06953d3e47b6007515486732874a9c9c69ca6cde4f5f7e1fcc30d7574765eb497ea59e92e817efa87a5688f6f24dd73b655c6df01cf9f0997cf2b2732a662f
SSDEEP: 12288:tqDcBowWlaqMqNcv2OwGNpDdSgq0f6MikPA7Weh3ih9HeA:tqD2ow1qtcntNp4gIBkPIBYTf
Static task: static1
Behavioral task: behavioral1
Sample: eff9dc2494f14b6708a540c6a6f094b1f9286545e6d85c78923700933b9411fe.exe
Resource: win10-20220812-en
Malware Config
Extracted
lokibot
http://208.67.105.148/china/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: eff9dc2494f14b6708a540c6a6f094b1f9286545e6d85c78923700933b9411fe
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext