General
- Target: ac29b52dce3403d45c606e2f3c2fb81bf32d0e5368575eedbd734a647bbb1630.lnk
- Size: 2KB
- Sample: 240314-c62eragf8s
- MD5: a8c342249f92e8f834469cd5fe517643
- SHA1: bbfe62a54df0ea6bc13d470b65ecf65ffc2cff91
- SHA256: ac29b52dce3403d45c606e2f3c2fb81bf32d0e5368575eedbd734a647bbb1630
- SHA512: f780b14bce2c17be4ca0d58f818dd23f526d31566e44ae775229ef1beeaec6c94729588c71385a8a9ac382a887518037fc21367ac84a93f5dfaf1386f3ade551
Static task: static1
Behavioral task: behavioral1
- Sample: ac29b52dce3403d45c606e2f3c2fb81bf32d0e5368575eedbd734a647bbb1630.lnk
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: ac29b52dce3403d45c606e2f3c2fb81bf32d0e5368575eedbd734a647bbb1630.lnk
- Resource: win10v2004-20240226-en
Malware Config
Extracted: https://js-hurling.com/sourcecontent/jsgnjnwjenrgwunibhbsrjhbbabrghrbgkbhrjglhgjrwrhtkjabtkghbgtrg/fjsnvkdthtgr/TvipY.exe
Extracted: lokibot
- http://94.156.66.115:4012/dolul/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: ac29b52dce3403d45c606e2f3c2fb81bf32d0e5368575eedbd734a647bbb1630.lnk
Score: 10/10
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Detects executables packed with ConfuserEx Mod
- Detects executables referencing many file transfer clients. Observed in information stealers
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext