General
-
Target
c7156b29b061390759e59562222f7063
-
Size
822KB
-
Sample
240313-25y1nsbh3w
-
MD5
c7156b29b061390759e59562222f7063
-
SHA1
e3630f2179c7456a312492f30fde1d37de6cf947
-
SHA256
4b921ff282957a93f97e04bc674cf43583f8a9111caa7cb2c1889c87d6725b8b
-
SHA512
e18cd12fa14cc46429befc929b6e686d319ac2957982d36253298c7634f8ac69319a3a8277effa6918cf04f8076981ca0ff23de6552bcf2cac1d5479c18d16ba
-
SSDEEP
12288:DYnf1VVX/aL97Rssmy9gvn+IW1EA6uGYsZKJLc5ySMPQipP5Y:4fxSL9df6vn+IzAEKJGip6
Static task
static1
Behavioral task
behavioral1
Sample
c7156b29b061390759e59562222f7063.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c7156b29b061390759e59562222f7063.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://ibmcloudstorage.tk/Bash1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
c7156b29b061390759e59562222f7063
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-