General
Target: tmp
Size: 524KB
Sample: 230207-yllpfsfd62
MD5: 80be92f8539b85927dfc997b0e39aace
SHA1: f3f36334fada958a0db24d3b8f1563d38a3cf463
SHA256: 7932cfa1b2b758cf2237b0630bf13432eb418cecdc01f6fb0003d1e655d02ef5
SHA512: dac125a16f0feea31335d4ad4e480be0856df8ce33dd942d55140a6cac1fa2d4a81c5494584e016bd2dcd0447ccc7b83b8270a3c2704df212cb3b51763a612e1
SSDEEP: 6144:/Ya6qB7/w2E+80TTL/PtbdWQZbiwopi9+Y9RchQPll89Hc87cSsr9EMOoNmCQE+2:/Y8Z780TTTPzWQNCiVI3H3PsiYQEFF
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: tmp.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
lokibot
https://sempersim.su/ha9/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: tmp
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext