General
Target: tmp
Size: 607KB
Sample: 230607-v4zggseb7x
MD5: 47e465b0d8993ae7256080deb0374b44
SHA1: 507af227f2e277edb513bbeb44c2a453255c1583
SHA256: 773138409fdfff166094dd720d55edb343a5ac859c6e61ffc880df4be163f65c
SHA512: 7e14889ac8a0a26376598aebde625638f9fc128ff78e4fae87e18877adcd7b679bad1d6a674fa826ea5fa642afb1ecbe1aba141ea6e75db5eed2e7d1b83dc88b
SSDEEP: 12288:bllKpj80DG5R6dH48KhZp4b3qtF01QkRBT:bllKp5GT6dY8Khr03qB2B
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: tmp.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://185.246.220.60/fred2/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: tmp
Size: 607KB
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext