General
Target: P.O.070623.exe.zip
Size: 600KB
Sample: 230607-nsdx3sad3w
Static task: static1
Behavioral task: behavioral1
Sample: P.O.070623.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: P.O.070623.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: lokibot
Targets
Target: P.O.070623.exe
Size: 681KB
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext