General
-
Target
e2d5cfd16680135cafe37b18eb0e31958128120cffa627dbf7a22e1c8b2f5f04
-
Size
209KB
-
Sample
230208-xta29aeg22
-
MD5
900820f261e82e5c51ecaa86f2f68f86
-
SHA1
36da386baa0926789cd35eee6b6c60c555e7b469
-
SHA256
e2d5cfd16680135cafe37b18eb0e31958128120cffa627dbf7a22e1c8b2f5f04
-
SHA512
a1e3db91b2e5a15f92a98e7ac0cbd2f2ca790c79a6f3e5626dc1933b9f78a50c791efb2bc8ee0cf04fab0b62e3dd875cb99a9aa9902c9e17cc61f60ccd8900c5
-
SSDEEP
3072:HfY/TU9fE9PEtueGbMuXzsnNIKqBFEpc+hg3KnuZ8cyJrS0qQsO+KABaa5AdFjOq:/Ya6hMujsnNIq+1+uGcyAUKKABaagF6q
Static task
static1
Behavioral task
behavioral1
Sample
e2d5cfd16680135cafe37b18eb0e31958128120cffa627dbf7a22e1c8b2f5f04.exe
Resource
win10-20220812-en
Malware Config
Extracted
lokibot
https://sempersim.su/ha9/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e2d5cfd16680135cafe37b18eb0e31958128120cffa627dbf7a22e1c8b2f5f04
-
Score
10/10
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-