General
Target
b0c4d4fbe7822e436d8dffc074375fe6.exe
Size
616KB
Sample
230131-cpkexaga3s
MD5
b0c4d4fbe7822e436d8dffc074375fe6
SHA1
2ac5c8e1e0706ebcabc41fbdaf637b61185e227d
SHA256
7c5c9edd1dce19df97f4e259a49b5a0399036fd6181692fc0538492db3589e32
SHA512
e1c0a35403a0f229c668e137b3cba389379ba66a93ba6ec3791dc60119af7c36d36bab538e065b8131c77471d41fac69ec322f9ef2eec4c8a97ebba3fab0c08c
SSDEEP
12288:MVV+Ynu0b+NoexY/9X6xaQbstgM82ks/tjLInIdZDTl+q:1Y3+NNx89XOaQbWgifOnI/Tl+
Static task
static1
Behavioral task
behavioral1
Sample
b0c4d4fbe7822e436d8dffc074375fe6.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
b0c4d4fbe7822e436d8dffc074375fe6.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://208.67.105.148/fresh2/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
b0c4d4fbe7822e436d8dffc074375fe6.exe
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext