General
Target: suspect_file_1
Size: 1.2MB
Sample: 230328-mm661acb8t
MD5: 66f33597cbf097345c51891ab951b641
SHA1: 70ad543faecb496ca4c2318e0c8f81a8cbb8fb62
SHA256: 0da91175e7d72a7ff2bcb3fd93f2ba7bbe4045f9c4dee5c9685c7fdf6da622a6
SHA512: d9d4f057dc3c09e1ba42c08ee204e86b569233378d2367a6d6cc67c67b5e2ef87c2b4b9387036bd76f6c06d085079b1f095399465d9e9278d8cd1569b0e02839
SSDEEP: 24576:Pu6J33O0c+JY5UZ+XC0kGso6FaODoki222F0Eci4GIxmWY:5u0c++OCvkGs9FaOHN22F9QY
Static task: static1
Behavioral task: behavioral1
Sample: suspect_file_1.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: suspect_file_1.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://naourl.com/data/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: suspect_file_1
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext