General
Target: d2ad8e36ba4aa3c1635f8382ebbfd829
Size: 701KB
Sample: 240318-fy356ahc26
MD5: d2ad8e36ba4aa3c1635f8382ebbfd829
SHA1: 6e719901188332701aaa77eed55f5a3f6b73c752
SHA256: 97c5d022e962265700310cca15d32fb5446cb117cb821fd293f114a5c43ca07c
SHA512: 9afcca08af48931141337021c3d52867e4cf0a28b8e51bf9de795226deffe6f5f9657fbb8d6489254b4170140b997cb060a65a08dbcdbcec3e7cdb4a0142c9f6
SSDEEP: 12288:Adhh5cnYQheLcnLEHao2C9mIzUewRTCf0L8pgd+bLXKO4f9YpamHdmM6P44LzpOS:AdFXHaPC9mIzUewRTCMgpgIbLKO4VYp7
Static task: static1
Behavioral task: behavioral1
Sample: d2ad8e36ba4aa3c1635f8382ebbfd829.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d2ad8e36ba4aa3c1635f8382ebbfd829.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://manvim.co/fd5/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext