General
-
Target
file.exe
-
Size
183KB
-
Sample
230201-p6b63sdc24
-
MD5
a62b834fd42367f384b1a6a7250a3e9f
-
SHA1
0e94fe518c1aaefda7b451640e83dacb850acf24
-
SHA256
8609e1d5c447b9a77c1e151786125c55fd229f7bc7cd492e8b9bb766cda5d8f5
-
SHA512
f041f541e8684229024a57f2244ac4f644a94134bf9c45dcbd5938b8a3a55e19191170702bd9b56c0f5dd4e7908efdcba499839c4a50bd6a116d3fcd9507578f
-
SSDEEP
3072:HfY/TU9fE9PEtuIbp9SrK0uwo9zVjotEIg02SdJPW0Ib1OeaLvIqR3IaoLhmOW5d:/Ya6Mp9DLDzVjJn02SLWbp4LI4MhmTDl
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://185.246.220.85/davidhill/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
file.exe
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-