General
Target
cZI4g6MVyFrAaaS.exe
Size
720KB
Sample
230328-b6y4ysab81
MD5
cef8817f7191e334237f0a967fddc624
SHA1
26ea81d3dea973f4744c0ff1ab355b6e9d85872f
SHA256
11b8ec17c90add99a6e717e3f90640dcbfef63c3b4185c872caea70841bd74f2
SHA512
8057ccb69d1afba9006d5b767b801193311edb97afb7f3b6f994a4d415fb63baa25178623a9d9c3b9cac0929258c1eb2553a16ba66c6fa4605cd6f0fb069012a
SSDEEP
12288:d6SKdJVZz5dlkJcr62F3bcE+ff0dPx0t1hp4ZGyjgJlOmP:g1VZ9vs2F3bxXdPStLuZfaO
Static task
static1
Behavioral task
behavioral1
Sample
cZI4g6MVyFrAaaS.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
cZI4g6MVyFrAaaS.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://64.227.48.212/?page_id=49156044
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
cZI4g6MVyFrAaaS.exe
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext