General
-
Target
ce85f6ed7367b0ff5b3a2a7c0f03d688
-
Size
773KB
-
Sample
240316-t2wgdaef71
-
MD5
ce85f6ed7367b0ff5b3a2a7c0f03d688
-
SHA1
13235ccbd9e702ea0fa6f435345bf3a93b47b0cd
-
SHA256
fdba896912c1dde493e9f989e50defb1a8fed992bb11677f4e5b4bb84e797aea
-
SHA512
9b257b1ee32469ad9e454e178c925dbb5b8399711617ca0bfc9fc01e749d8ff5af0bfe0d947434fb20c73763c763eeea8a9a0e1ff3e13b3e8485182a7e037311
-
SSDEEP
12288:5x4FeeJr7uapz/aoSyLGdubJVp5GbjPjF5SN:5x4FhJreoS2pgnPjH
Static task
static1
Behavioral task
behavioral1
Sample
ce85f6ed7367b0ff5b3a2a7c0f03d688.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ce85f6ed7367b0ff5b3a2a7c0f03d688.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
lokibot
http://manvim.co/fd2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
ce85f6ed7367b0ff5b3a2a7c0f03d688
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-