General
-
Target
9e1935a47f0fc0de66b4a98556336d46.bin
-
Size
589KB
-
Sample
230206-lwyqjsge91
-
MD5
5953008e9be6944ece0fb9c5e696a1e9
-
SHA1
ff8fb4115fd4490228e0b627bcd2df17827f5d6c
-
SHA256
228d9829a5767849ddd30deca6f7125e430082da21dfdafda13234f2f67a19a7
-
SHA512
fea07af5ac7bf0a9e94347043dab04c1eccf9fda8c710869881aca6ddb2cfe6198049bd2af0701c4cffd309ab136eb82b3cc5310974f90a0fe6bfee75d48a356
-
SSDEEP
12288:oc3EGfLbhM+lgJ4FxSz+Mq6uA2SM//OrNy73KwDozhXfJ+C3lI:v3/w4fMq6uA23/iN1wDYXoC32
Static task
static1
Behavioral task
behavioral1
Sample
e973ddbe5be12de3bb6c48532e99abd8a5e9b44b084a388c89690309c7c38da5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e973ddbe5be12de3bb6c48532e99abd8a5e9b44b084a388c89690309c7c38da5.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
https://sempersim.su/ha8/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e973ddbe5be12de3bb6c48532e99abd8a5e9b44b084a388c89690309c7c38da5.exe
-
Size
752KB
-
MD5
9e1935a47f0fc0de66b4a98556336d46
-
SHA1
8cacf3fa719e158213189b0ec89f8813c4d21297
-
SHA256
e973ddbe5be12de3bb6c48532e99abd8a5e9b44b084a388c89690309c7c38da5
-
SHA512
93d5f772f3ca308cb9c249c70e5a538ec399e3db902d945f6ee4d08ff399947a4a0d35899b1dc9ebc47d37b6693db5a8787386498e8eeb152c172c924c23590a
-
SSDEEP
12288:f2iNZlSE+AB6Fy2Mxz0hAy9yVrNgFW9zktGU83Sg43pqG4yPa:f1dH+AB6F0x10yFFVktGz3tYpqG4yPa
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-