General
-
Target
221215-mh8h9sfb5w
-
Size
435KB
-
Sample
240229-fvzcssee63
-
MD5
d0685a3e1535e388f7bc2eb4230318d7
-
SHA1
b5073080b6a4de023015ef3adb6463fa535b71bc
-
SHA256
1b574a66c84924886daec4841e1b107258e019aaf6f336329ae8fae7cbd52a34
-
SHA512
72615cdde8ff0673036a850e1a62ae81cc790b6d9a991bfe8f1d3667930c66b7b9ceb2bcde5148a5ca6201a24294d4ecbf2ba6c3b63f92c2de6c4d888a19044a
-
SSDEEP
6144:BjJCiYRb3lHWJ/AN06K4slx7mpJX9x98qKgZ3zWOlCV3LG50vVzVpTT:79Mb3U/ANDYUXx98jclCV3Li09zDT
Behavioral task
behavioral1
Sample
221215-mh8h9sfb5w.exe
Resource
win7-20240221-en
Malware Config
Extracted
lokibot
https://efvsx.gq/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
221215-mh8h9sfb5w
-
Detect ZGRat V1
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-