General
Target
6e3ec98c689625cbf1f0cc19b03b5931eff4f13cb424c17268e48d3e0d30b592
Size
744KB
Sample
230605-k9df4aff73
MD5
d11d9a0efb366e2ce9ec6a1776622370
SHA1
e4b168ae66e9811bc463f7fa3f88d9b66bb24611
SHA256
6e3ec98c689625cbf1f0cc19b03b5931eff4f13cb424c17268e48d3e0d30b592
SHA512
c0e6e935b6813e9d7c0c0c93552147f1d6e78f9031719e672a32749d14c522bb1aca6d8296b237d6a334087e244d5a7c7d0b6d9198e7e207ac2795607441307f
SSDEEP
12288:1rgDRw23uHlWxMzIHREJVk/bq4izoW/m7a8IvrlC5lcwy4uimIbFIQDfwRF5XBVz:1MSguHlWxMiQW/O4ue7ajvrl6cwy4urL
Static task
static1
Behavioral task
behavioral1
Sample
6e3ec98c689625cbf1f0cc19b03b5931eff4f13cb424c17268e48d3e0d30b592.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://185.246.220.60/bugg/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext