General
-
Target
acef407cd9b335c0c1ca6582aef98d35.bin
-
Size
851KB
-
Sample
240301-dba5rabc72
-
MD5
acef407cd9b335c0c1ca6582aef98d35
-
SHA1
28569bb0962cbe06d1344a61aa8c426746494632
-
SHA256
2706cd9c8993267a695a8580ff5987c821093bfea0de05b561a98ac020b373ee
-
SHA512
3a4802a7b378a8b3cfdfcc1bff108756d3cf30a4d9218fdcfcc55000093a3a2951bb0238d6ab199eade72966984446ffd4120fa6b69ba1df30f8f1900cfc856c
-
SSDEEP
12288:7E3CyWQuuvDBddbgYUhKyW585/Fy02EfedMWr5mpmZb03629fZQCcgV8oVe0mo5g:7UrTuMddMYUs+XaECMuBSR1kgV8YE4g
Static task
static1
Behavioral task
behavioral1
Sample
acef407cd9b335c0c1ca6582aef98d35.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
acef407cd9b335c0c1ca6582aef98d35.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://192.236.179.121/new/zubby/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
acef407cd9b335c0c1ca6582aef98d35.bin
-
Score
10/10
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-