General
Target: 931e722f5e3571939e8503189b782db0.bin
Size: 359KB
Sample: 230621-bxgtbafb45
MD5: fc2ed6ae1082a9bc61404149faf96822
SHA1: ee574e8f7d29a7124e40416fdcfbf4cbcb4d7756
SHA256: 9e83add29e1a91adef77f392e2e6eb03976df2ea4c91263ecac3762e5b433332
SHA512: 79a3ec5e22e873beb3d4ea896360eaef85768e697bf474bd979de24075aa3f29b82b25924bd0991ecabc3099f2f266c444ea62a56f2687e28cff517624fdb720
SSDEEP: 6144:BA7VPF0RZC7PO9ZQ1/Nw6DlM8A0yr+3cUkwtpSTrlOGTDqtd5RAlcvJTQj4:YPF1O9ZQfVA0yr+3lzPSH0cKWk
Static task: static1
Behavioral task: behavioral1
Sample: 3dd7f1720261b8846b6d2fb7fda89dcbc93fdbc7b69f7c49301daa5add74838d.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 3dd7f1720261b8846b6d2fb7fda89dcbc93fdbc7b69f7c49301daa5add74838d.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://hmsd.us/loki/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 3dd7f1720261b8846b6d2fb7fda89dcbc93fdbc7b69f7c49301daa5add74838d.exe
Size: 511KB
MD5: 931e722f5e3571939e8503189b782db0
SHA1: b37014f66d8b904725f488e9b8b8480675147314
SHA256: 3dd7f1720261b8846b6d2fb7fda89dcbc93fdbc7b69f7c49301daa5add74838d
SHA512: 4ad44b17cc9aa24c8277f78beaebca173256db59edf10a78ceab2bd1ad56b5336be74e55d44b0c00f2dddd41b97a94588aea6dc35da8f0c7d21518842251253a
SSDEEP: 6144:2qJsocMS507SQfzFp6Wndk9YvhVTcgL/dpd1N/trCSeL2o6/n0h+ag1CWQbSfQqJ:jJsocMd7RpR66QgL/TdPUSL8EKqfEY
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext