General
Target: Заказ на покупку_(P.O_6203445-2024)_Викторович ООО.iso
Size: 718KB
Sample: 240125-s3hq8shhc6
MD5: 3b2bbedd413b309ae35d3deb6895b174
SHA1: 9d7e92a626c2102bce2927b63d9890fb5c5d9ab6
SHA256: cd795efaecacad8749827588ac045d9d209a0eb29656a0c5cc903f1ad49231d7
SHA512: 4bab76fe085419cf11fb40b3a5b0c92aefc1541db94f909af2551e6d92ab67d1b8ea38aa2e8b144bb864def0ec2a6e1fe7df66782b40c3d9c2004185f2e8e202
SSDEEP: 12288:GqUyZzjn9co0d0wvvSQNCY62XACRCY27D:pdZKo02cvS4CY6iAqCY27
Static task: static1
Behavioral task: behavioral1
Sample: Заказ на покупку_(P.O_6203445-2024)_Викторович ООО.exe
Resource: win7-20231215-en
Malware Config
Extracted
lokibot
https://novlkyy.shop/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Заказ на покупку_(P.O_6203445-2024)_Викторович ООО.exe
Size: 657KB
MD5: 0e791ce3c5922bb2cd95f33b59296db3
SHA1: b2f53b32ccef839718bbd47b560daeb7e8aa541c
SHA256: 0c82feaf206d2633de0904b7fe4f34da47e4dcf08079afd668101c180e2df32d
SHA512: 011c5e502bc3a90f9672411b81c44967401d91365f0951e22c2a4621e27f702696c528d5da4c1484d579b9b6cd22b2d3441d6989d96103e4c2b0599c9dfdcaf2
SSDEEP: 12288:uqUyZzjn9co0d0wvvSQNCY62XACRCY27D8:xdZKo02cvS4CY6iAqCY27Y
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext