General
-
Target
20848021a4b56d6abd12e32715b29ce4
-
Size
457KB
-
Sample
240229-tmq84sed88
-
MD5
20848021a4b56d6abd12e32715b29ce4
-
SHA1
fd9ed2261fcfe189aa1a68b96a84343cc575d4be
-
SHA256
e7024298f955778f099dd0bbd8310abb90c39088d23a3a429ca5738c4b21bc9f
-
SHA512
20b0e709ba6e7902ebd378b8eb8cfd986369a1f735e35ae596abe08d47f0ca45f4e7f44911feaee3c76f9d6f1d1730c5798a8ffb0e082c9240378f76695990cb
-
SSDEEP
12288:xaq/Az+p7lmOdOIrFxIpnqvS1HSnpP8UT:FozxW5gnSwHSnWU
Static task
static1
Behavioral task
behavioral1
Sample
20848021a4b56d6abd12e32715b29ce4.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
20848021a4b56d6abd12e32715b29ce4.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://194.55.224.16/pablo/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
20848021a4b56d6abd12e32715b29ce4
-
Score
10/10
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-