General
-
Target
govonorzx.exe
-
Size
733KB
-
Sample
230609-w5a1ysdg8s
-
MD5
81493a02c037613b25c5497b7ef39d45
-
SHA1
241850dfa7386bce02b363ecf71d2f986c24491d
-
SHA256
800f51d43733003c92c6d307d4ef55f8c2edb5819cfa39e32ab2080171f8092c
-
SHA512
3d6187224c5fe9c419eada62501bae071b2974cd8730c2266dc0b3f7d4a5a1b8f5866ac4b210235994975a2288e27d49fb09dde88821af4774fb05d01cc336aa
-
SSDEEP
12288:dx+OSUAh3NVWUX2iNa7xdvo/MdyrhFgtDsuBHsSj5J4+saBGmAkJs/o0wqqepR/x:zQ1U9BqmycgiH75BCkio0HtnCEgzRikK
Static task
static1
Behavioral task
behavioral1
Sample
govonorzx.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
govonorzx.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://185.246.220.60/govonor/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
govonorzx.exe
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-