General
Target
ab22e6f54ff1b1f6862780ca9a7dddaa.bin
Size
633KB
Sample
230605-pgldfsha7t
MD5
5926dc4942384115b00348993c8dd7d3
SHA1
7a8950218bed2bf99592eac33a4e131b2a1b9a8d
SHA256
79b6e718743e78923045770bfc557ae2f6da07bb0093d6ce6628c5f1c64bcfb3
SHA512
c2ba3bee078c25f791122d06f6ebd9e93e719a43246285d8e3e939119f0837add39ae247c6a28a440c81ec1027e27e09485e808402be29f49f2bcd995473dfd8
SSDEEP
12288:gJUSzz8ifTiK+Ib1WCgphTfih4bLXoK4afNc+KNMWTZMPmPpEpw:gG2BriK+W14peqzJFc+q5lgWpE+
Static task
static1
Behavioral task
behavioral1
Sample
2d62d20f9f016e3e2cccfd5414f8566aba4c76da2efb2ab9e8607021507bdf43.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2d62d20f9f016e3e2cccfd5414f8566aba4c76da2efb2ab9e8607021507bdf43.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
lokibot
Targets
Target
2d62d20f9f016e3e2cccfd5414f8566aba4c76da2efb2ab9e8607021507bdf43.exe
Size
731KB
MD5
ab22e6f54ff1b1f6862780ca9a7dddaa
SHA1
db4561b1d8023d72177b432f295cf538dce5f0a2
SHA256
2d62d20f9f016e3e2cccfd5414f8566aba4c76da2efb2ab9e8607021507bdf43
SHA512
1075b3eff0066b91f5736ae73f4bb47691b3944fdae5d75d41037f488394d99d0e9ab3ae9a4b157bb9289fb45db6b27de04da3c3e4536b4b7254b7e5764bc195
SSDEEP
12288:px+OSUAh3NVAO2iNa7xdvo/MdyrhFgtDsuBHsSj5J4+saBGHYSmcdrCamLZAiYsW:+1U9BqmycgiH75BIdGxx2TFfk
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext