General
Target: 931e722f5e3571939e8503189b782db0.exe
Size: 511KB
Sample: 230619-t1cymsgb8w
MD5: 931e722f5e3571939e8503189b782db0
SHA1: b37014f66d8b904725f488e9b8b8480675147314
SHA256: 3dd7f1720261b8846b6d2fb7fda89dcbc93fdbc7b69f7c49301daa5add74838d
SHA512: 4ad44b17cc9aa24c8277f78beaebca173256db59edf10a78ceab2bd1ad56b5336be74e55d44b0c00f2dddd41b97a94588aea6dc35da8f0c7d21518842251253a
SSDEEP: 6144:2qJsocMS507SQfzFp6Wndk9YvhVTcgL/dpd1N/trCSeL2o6/n0h+ag1CWQbSfQqJ:jJsocMd7RpR66QgL/TdPUSL8EKqfEY
Static task: static1
Behavioral task: behavioral1
Sample: 931e722f5e3571939e8503189b782db0.exe
Resource: win7-20230220-en
Malware Config
Extracted
lokibot
http://hmsd.us/loki/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
931e722f5e3571939e8503189b782db0.exe
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext