General
Target
f4b2703a921facad2c48fdecca12ae21.bin
Size
10KB
Sample
230605-qc2ejshc8y
MD5
5d627d650d4b0069d40c5dfc243dcaca
SHA1
a7ec340cd670e9d9463b003bdc756820eec6d567
SHA256
309349b4cedd1c5d2ee575109e7382788986b292d51ebe3ed606fc2618759152
SHA512
0be482f75a1ed27dc45d400205114e20acb8a81f11bcdc766eb9217bd6c22b40370e9389b692c966808d293bb3c424ebac29e53eb17d11f3a2529a7004e9b9a9
SSDEEP
192:r+o28oTXIq4I6dTURZaH84IW/t+RD5PYCZPgS6YYNQdicepihIeBxw568Rwn:r/28oTXIq/aH843t+1ZPKTQKkha5An
Static task
static1
Behavioral task
behavioral1
Sample
17b640449aa90a91d32537b3206b270952e61270442a74a43bfefbe8d1cb6275.rtf
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
17b640449aa90a91d32537b3206b270952e61270442a74a43bfefbe8d1cb6275.rtf
Resource
win10v2004-20230221-en
Malware Config
Extracted
lokibot
Targets
Target
17b640449aa90a91d32537b3206b270952e61270442a74a43bfefbe8d1cb6275.rtf
Size
22KB
MD5
f4b2703a921facad2c48fdecca12ae21
SHA1
020a8ebfa0b76d556b782bca144e644ac30b0c74
SHA256
17b640449aa90a91d32537b3206b270952e61270442a74a43bfefbe8d1cb6275
SHA512
18282e7036e77ec13aa7eda579922745cda35cee7c688fc5b70f8579cdcf38a8cf6764bef7daeaaf10e9d79f8546667b9c2d4fe2dc4ef8fa9a02f3fde92374ae
SSDEEP
384:Ro7824atE1XTk5IuhWa2209yH1SawV7iMbvwxyyhHihCI1MMTx/egA6u0rN2YB:rbayY5IuI2oyH17wV7iAvknhHihCI1Mq
Score
10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext