General
Target: af1d82ddc77d092be0ce90590eeeec92.bin
Size: 644KB
Sample: 230131-kzdn4she2x
MD5: 1a01512a84683b3f2a269b0819ce32e9
SHA1: 88eb276ea2e497e08afb6c98402ac21c0084a284
SHA256: 68c7613af070f3555fa845ecf9c18f0535dedfd094a194aa20b3c41664fd88ed
SHA512: a2cbf51271cfebe596cd15a56b94e53739ee5950a2214ac5f4344b3a848218eb96590646844a38b5f789224eadede03819c6eeb249002925db150577f5354eb2
SSDEEP: 12288:9RF9emeWBbqfYnuk/78COitKsuS0nh97ZKIuZc9oe6YfP05wEmXd:9RSEZqwx8hdpFF6Q05w5d
Static task: static1
Behavioral task: behavioral1
Sample: 1cd771d7ce1ada72b26d9fba9b689c7847b1cc501fdb0b80ec97e7a9f7fadf0a.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 1cd771d7ce1ada72b26d9fba9b689c7847b1cc501fdb0b80ec97e7a9f7fadf0a.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://208.67.105.148/health1/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 1cd771d7ce1ada72b26d9fba9b689c7847b1cc501fdb0b80ec97e7a9f7fadf0a.exe
Size: 847KB
MD5: af1d82ddc77d092be0ce90590eeeec92
SHA1: 8ddc25499d6e6bf6841a5494011a99480cebcf00
SHA256: 1cd771d7ce1ada72b26d9fba9b689c7847b1cc501fdb0b80ec97e7a9f7fadf0a
SHA512: 3fb26b8cca415911b27615d88bba5248408b649e44dd82cdad342509a2abcd916b8bbfbdfa2b7b03132aa5295e2d3a7b24006d664fbf4f5b08c7c1f80c6187a2
SSDEEP: 12288:YE6GaMzrAP8Is5Zz4p71LN6V201Yc31MFhRTmZbk53jY08b9oO:YE64AP8Xkpx031Md
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext