General
Target: 003862E8ABC13385F61AE0668A6AD27CDD0E237B81AF5.exe
Size: 666KB
Sample: 230317-c4c95sdh62
MD5: 645990a6af5bfefc3a844f0298725b84
SHA1: 4ed55c32c7654aa747be7f5d618f41df54fe1b40
SHA256: 003862e8abc13385f61ae0668a6ad27cdd0e237b81af500c25e611f538c3b20e
SHA512: f1c0afbc0fb2e53c62e2e53947f4de0b70a2e01d2c6d0d2bc543e1afc77d7c2de25b6b39b7dc32054dbcb2ecd956c310cfd49477ba457c661dd540e9ee9734aa
SSDEEP: 12288:3CrO6Aohl+4j801NDv6HDD9VQug+N6g8JUhkKG+esTCm:3CrRAoXZJ1Nj6HP9twgGU72m
Static task: static1

Behavioral task: behavioral1
Sample: 003862E8ABC13385F61AE0668A6AD27CDD0E237B81AF5.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 003862E8ABC13385F61AE0668A6AD27CDD0E237B81AF5.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted family: lokibot
C2 URLs:
http://www.loki5.info/cash/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 003862E8ABC13385F61AE0668A6AD27CDD0E237B81AF5.exe
Size: 666KB
MD5: 645990a6af5bfefc3a844f0298725b84
SHA1: 4ed55c32c7654aa747be7f5d618f41df54fe1b40
SHA256: 003862e8abc13385f61ae0668a6ad27cdd0e237b81af500c25e611f538c3b20e
SHA512: f1c0afbc0fb2e53c62e2e53947f4de0b70a2e01d2c6d0d2bc543e1afc77d7c2de25b6b39b7dc32054dbcb2ecd956c310cfd49477ba457c661dd540e9ee9734aa
SSDEEP: 12288:3CrO6Aohl+4j801NDv6HDD9VQug+N6g8JUhkKG+esTCm:3CrRAoXZJ1Nj6HP9twgGU72m
Signatures
Drops startup file
Accesses Microsoft Outlook profiles
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Suspicious use of SetThreadContext