General
Target: tmp
Size: 185KB
Sample: 230604-fs6dbsbc24
MD5: 19cb6550343998faee16c4f604a25f56
SHA1: 5276dd4083fe877a79a8c8d7d34f603705e6a870
SHA256: d8273f318e75f0e587b207409f7a326737cd152683851e698c8a6d24f97c4c35
SHA512: bc88b9590df1409aedca75e8eb4d28e85a897ee77eeab5d5df5443c2c094dd6196e353e69ba19cfc2846be0d1d69cb73f5b6e6f6fa75e83e8cb08c0e40022ab8
SSDEEP: 3072:XfY/TU9fE9PEtuObaY7biQ2YA3gPCFJBTftEb1ulS0AGsglteHATLDIX2tms24vi:PYa62dbintmcJ1ftEblGskeHALM/4vJE
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: tmp.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://161.35.102.56/~nikol/?p=2132
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: tmp
Score: 10/10
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext