General
Target: c8268fdcf0f3b3c81d61dc1a657e9e7f
Size: 587KB
Sample: 240314-j9l8kaeg5x
MD5: c8268fdcf0f3b3c81d61dc1a657e9e7f
SHA1: a5292fed014578d4f500ce51263f3b68dcfa75a3
SHA256: a9d8ff851ff8644ca724b4f4cac643aebdcdf200df30b86066db120cd0d574b2
SHA512: d0546495bab911dcf74c53e9beb7494bfd9cc1f931dbcf848be4d919053f46d4e831bb573ac70172b00423e0a23412ff0ab3a6b5ef86132a459f223cb05f6e58
SSDEEP: 12288:1JXe9PPlowWX0t6mOQwg1Qd15CcYk0We1rSnTmaeJnFwtc5OG3vuq:1whloDX0XOf4sQnOclGq
Behavioral task: behavioral1
Sample: c8268fdcf0f3b3c81d61dc1a657e9e7f.exe
Resource: win7-20240221-en
Malware Config
Extracted
lokibot
http://abrokenskull.ga/BN22/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: c8268fdcf0f3b3c81d61dc1a657e9e7f
Accesses Microsoft Outlook profiles
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext