General
Target
b4a4da0e2f4a40c5c37ac9542653dd85
Size
505KB
Sample
240305-n471asfa54
MD5
b4a4da0e2f4a40c5c37ac9542653dd85
SHA1
2d69e8e3a25e01fe0c7b9e7f7de8479d641665fd
SHA256
fdfd577e66b1db53a9e7388c779cacbb7d47397ef8f5550a33777826173ac000
SHA512
c32ce3b3020ea90bc90fa9ec652e97e2c56124bcb36846a282aacdbade719ba33932d7f940b08321fe7b16f1a61f49de9c125fe69b9cd26b4ff1ba064e9fe46b
SSDEEP
12288:zPEmcXSwQ+poFHMzMv28Z6qDKV0H0BmS3GRevVYLWb2k:zPEmcSwq68Z/DQXGRr62k
Static task
static1
Behavioral task
behavioral1
Sample
IP08323_21 ROLLERS.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
IP08323_21 ROLLERS.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://eneos.com.tw/includes/imt/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
IP08323_21 ROLLERS.exe
Size
694KB
MD5
46bba4d60a7d0a6f3ea41d8f2d1ff5a8
SHA1
0e7c0cafea163a2d27a6165cb4cda1afc196531f
SHA256
81a4aaff9520803ff6cb7f1100024e0c2bc40750c05290f53c5e01b5cff6a59c
SHA512
a2e498ba924405cac6f9ccc6279697725a33ec1a939db2a55a5e337580afc5f37682bdf14deee1221cb192e57de1f23b58a1d9731538063b6a272e85fc0c9442
SSDEEP
12288:h1Wl8T5zM63xjme3fHhtQFGHykkEJVNuoJy:hA2Vdx/htQUSNQvU
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext