General
-
Target
b1f8160c5b8b4318543fe49946da025e
-
Size
874KB
-
Sample
240304-m7nkdshg72
-
MD5
b1f8160c5b8b4318543fe49946da025e
-
SHA1
4c877a0f62f7b5300b24b416a084b178c6ed7998
-
SHA256
519168235df4b84e9d493e8d4d1cd5c013a6981b01dfc47e68b44bdeaa975a5c
-
SHA512
5a20453132ed3bc563161521f133a91b23b5847c5fc2494145f8ab986cece2f5c9ca6298a075b9d3a12996f0f9479cab06ec00d8e4d6f997291896c64ecebd07
-
SSDEEP
24576:EWmTGdGMc8DS/d3YK64JhKE92KpxoZQiW0:7XK64JT92xw
Static task
static1
Behavioral task
behavioral1
Sample
b1f8160c5b8b4318543fe49946da025e.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
b1f8160c5b8b4318543fe49946da025e.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://manvim.co/fd5/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
b1f8160c5b8b4318543fe49946da025e
Score
10/10
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-