General
-
Target
1839d60cf892ae968e59ad532281b0fe.bin
-
Size
19KB
-
Sample
230608-bgh2faab57
-
MD5
0eb18ccef491864125c6aef9a0b37486
-
SHA1
b44c0d6b9e392e59513c6d34d62c8fca1b211640
-
SHA256
522c136a5648148e12e1178ebae504cd81cb6e95e79d16f6a0ef77c051e57ddf
-
SHA512
592e5a919001039a7701a488b5b7d28130f693e925efda13e48021fa9f4ff7dc0fb1ae836857f20d374c0107c7be2a12166b6924b2966ce6545afb0d3a88d440
-
SSDEEP
384:Boj7+kH/5m9W55WlKBgsSgRSh5WLTFhBYEuhNCtHxznq9kGnDWz:Q7PHND1EhEFhbgyxz0Dg
Static task
static1
Behavioral task
behavioral1
Sample
Megrendelés_(P.O_5029063)_FANUC.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Megrendelés_(P.O_5029063)_FANUC.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://efvsx.cf/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Megrendelés_(P.O_5029063)_FANUC.exe
-
Size
37KB
-
MD5
7c823274ec6a711a73c4c7df54d1d4cd
-
SHA1
8c78efece5e8c83205df2b18390b3e53396bd237
-
SHA256
b432b8aa06d6977b2f87eafa17634e0fded464c7a521e0120c393c4f4d084fc9
-
SHA512
f6e14be4995d1f74ee9c18f2797035a99ddb95f62f3d1c9dd8b522da290e94e8a32f6a739ee4e930f2c9d3f93eb35cff33b44a8d8bd915b1d0fee14b19e8c475
-
SSDEEP
768:bNyecx7gKng+pF0WeIUDNC6YGcoMcRC7n8Yila:b0ecx7g+70dIUpC6YFoFo78lla
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-