General
-
Target
ce66d8963808e8a84fb85edd8b2850099ae240eab88f2a98413efd01e40922b1
-
Size
201KB
-
Sample
230328-k6c16aaa73
-
MD5
fb4f4746d44d1ae472506334dacf6956
-
SHA1
44c44fae4e3007fa8636e9108dd8070ce7ab7a07
-
SHA256
ce66d8963808e8a84fb85edd8b2850099ae240eab88f2a98413efd01e40922b1
-
SHA512
be971f9a181b5a7bd9efbe47a160a0eda5b981f871eede2aacd872a00940f082487ae1704249494bd78f5ae616e013afb11098ec89055acdd26b1a12996d3a11
-
SSDEEP
3072:HfY/TU9fE9PEtu4beIkBZHFfUqayG/s3ABV0IOFVhEpvC402Dp+bocVKtww7l7:/Ya6EefvHp17G/b/kEd0s4o2KN7l7
Static task
static1
Behavioral task
behavioral1
Sample
ce66d8963808e8a84fb85edd8b2850099ae240eab88f2a98413efd01e40922b1.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
lokibot
https://sempersim.su/ha25/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
ce66d8963808e8a84fb85edd8b2850099ae240eab88f2a98413efd01e40922b1
-
Score
10/10
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-