General
-
Target
PROFORMA N.71A 030223.exe
-
Size
561KB
-
Sample
230203-v9ez2agd46
-
MD5
e0159a317ce13f73c7dd98338d9be097
-
SHA1
54c677b005842eac47a29db3872be5088f006eaa
-
SHA256
fbe33894ce251973a6b8d01c80c6b3d40aebf299117b243c70a574f7cfc49727
-
SHA512
45181e8d5c967a073ef1d5d53da9cf93ad88a84b8527e86f09ffe80174c731068c9eee3fc3c6a3268b33e5feb7c4c07f541d5979dbf1dc431e95ce7c103d13a7
-
SSDEEP
12288:U8ZJCHkyb1UQ1f6Z9iSSy32o2MqqG4yPa:UwJUbyQxAh2o2MqqG4yPa
Static task
static1
Behavioral task
behavioral1
Sample
PROFORMA N.71A 030223.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
PROFORMA N.71A 030223.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
https://sempersim.su/ha8/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
PROFORMA N.71A 030223.exe
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-