General
-
Target
b3a855b248ac981f2edca2e162d51509
-
Size
679KB
-
Sample
240305-dz9m8adc6v
-
MD5
b3a855b248ac981f2edca2e162d51509
-
SHA1
d98eac5aa7d9fe044ba0ea1970e96258ce8a2ae1
-
SHA256
4f6d66cea6a8dcd4a29089e58d5adc3858445d4bba816fb2aa6ebc9cecfea68b
-
SHA512
99b4ba5a150df36fd6d6a6fea4ced94fb3f40c0baf2374c279b1ec0e06848f74289750661f0c218b007b70e47bcf6d4bd1ddf32b433048c6541ac64abd888444
-
SSDEEP
12288:kuVE2anr5O/FoYHYciqIME/vgflTYNEicq0GN/Z9lOWTUwNK5JOEPpBja:JE2ar5FYHz5IB/kRYNEicq0GlNOWzSHa
Static task
static1
Behavioral task
behavioral1
Sample
b3a855b248ac981f2edca2e162d51509.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b3a855b248ac981f2edca2e162d51509.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://185.227.139.5/sxisodifntose.php/7KyDs3toUfmfd
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
b3a855b248ac981f2edca2e162d51509
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-