General
-
Target
202bb0c3e66d81f1a6ae9445cb73a640eba568ae43f4078739829facfc6a4a76.exe
-
Size
534KB
-
Sample
240308-chvbjadd8t
-
MD5
4a2201003ea6bdfe56c4308d58e37443
-
SHA1
899db1f1bcc4df37b06365a84502f897882d24ca
-
SHA256
202bb0c3e66d81f1a6ae9445cb73a640eba568ae43f4078739829facfc6a4a76
-
SHA512
6c7cddbd1f623a59b2ab674c53d908bdd6071fff5b068a6f40d0263936c680b42c2762fc0ff5e094476bffc65a0845dd4886dc560c0e87bc566de571280b2dfe
-
SSDEEP
12288:MymXNjZLA2CtTfImso9/lcZb6SiABO+I4Nd:zttTHt863IO+z
Static task
static1
Behavioral task
behavioral1
Sample
202bb0c3e66d81f1a6ae9445cb73a640eba568ae43f4078739829facfc6a4a76.exe
Resource
win7-20240221-en
Malware Config
Extracted
lokibot
https://sempersim.su/c11/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
202bb0c3e66d81f1a6ae9445cb73a640eba568ae43f4078739829facfc6a4a76.exe
-
Size
534KB
-
MD5
4a2201003ea6bdfe56c4308d58e37443
-
SHA1
899db1f1bcc4df37b06365a84502f897882d24ca
-
SHA256
202bb0c3e66d81f1a6ae9445cb73a640eba568ae43f4078739829facfc6a4a76
-
SHA512
6c7cddbd1f623a59b2ab674c53d908bdd6071fff5b068a6f40d0263936c680b42c2762fc0ff5e094476bffc65a0845dd4886dc560c0e87bc566de571280b2dfe
-
SSDEEP
12288:MymXNjZLA2CtTfImso9/lcZb6SiABO+I4Nd:zttTHt863IO+z
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-