General
-
Target
08882f8548e7fdd0a66fb9a6060bf31c.exe
-
Size
1.2MB
-
Sample
230610-gakjksec73
-
MD5
08882f8548e7fdd0a66fb9a6060bf31c
-
SHA1
8f676417b3fee592df036af17c6536175a56624f
-
SHA256
77958de701e308745b585c20c67a1e1befd164238e6eb9ddb1a8012e5a69ef90
-
SHA512
b232168804504a48b861b4dc299fee743e6ef065420384a173b800ab99d6bcfb865906babdf36f14ed6f468add689d6a8bcc061f3465c8b7a81fbc500ac9f028
-
SSDEEP
24576:/PwXWyxbh2E6G3VibpHIdebodR6jlKFtQVUv+iP8o79bO+Q:/2NBhcG32poHRS2tQuWikK9jQ
Static task
static1
Behavioral task
behavioral1
Sample
08882f8548e7fdd0a66fb9a6060bf31c.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
08882f8548e7fdd0a66fb9a6060bf31c.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://194.180.48.58/black/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
08882f8548e7fdd0a66fb9a6060bf31c.exe
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-