General
Target: RFQ.exe
Size: 687KB
Sample: 230609-yy4e2adc79
MD5: 6259cd3cbcec0332a76e1c9f11439f63
SHA1: bcf49c2770b853954b5f7a362210f95dcf4f0f52
SHA256: e602de4d127672c6d1610438da22c2389bb845072b81c4bc1886f7c1fd84f232
SHA512: deb39318080526458d8d0c0012f2bae56bd0eef65c97bd0f41206b8daaef8ef390f541262946dc4dbbfa52d7345a42ae2780ce89eb76c80ea11ce11a0d2801f9
SSDEEP: 12288:pY4haDnLMzIL2q+RTdOL8zwrSzP79AL/csUiC/E60y2oYOx+XtQzsB2A/jY:bOyqGUL8XzP79ALSE60/fFMsg4
Static task: static1
Behavioral task: behavioral1
Sample: RFQ.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: RFQ.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://161.35.102.56/~nikol/?p=8254674426
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: RFQ.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext