General
-
Target
d64d6e211e21f9bc7f8bd2c68ea42b54
-
Size
514KB
-
Sample
240319-rew4aadg45
-
MD5
d64d6e211e21f9bc7f8bd2c68ea42b54
-
SHA1
b0499ed19ba61b819d77992e8ee96477a309d432
-
SHA256
368a4dda90b399ae7d0ed91b5c8d1c9fd7cf90948cc6aaf808375381047896d5
-
SHA512
33c61eb6f159f67214e1097835243fe6dfa5b0bd91395215685968d97243d46cca709f3b5c36f861034e0ae1186029248d16eaf2f4a83f3e8a82abeefb1c9d72
-
SSDEEP
12288:2gxw+tZYaWvuEiz1molQXg4Pj3KEQPdHqaYiZp:REiz1mXg4Pj3KXFjYi/
Static task
static1
Behavioral task
behavioral1
Sample
d64d6e211e21f9bc7f8bd2c68ea42b54.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d64d6e211e21f9bc7f8bd2c68ea42b54.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://brokenislegion.tk/BN1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
d64d6e211e21f9bc7f8bd2c68ea42b54
-
Size
514KB
-
MD5
d64d6e211e21f9bc7f8bd2c68ea42b54
-
SHA1
b0499ed19ba61b819d77992e8ee96477a309d432
-
SHA256
368a4dda90b399ae7d0ed91b5c8d1c9fd7cf90948cc6aaf808375381047896d5
-
SHA512
33c61eb6f159f67214e1097835243fe6dfa5b0bd91395215685968d97243d46cca709f3b5c36f861034e0ae1186029248d16eaf2f4a83f3e8a82abeefb1c9d72
-
SSDEEP
12288:2gxw+tZYaWvuEiz1molQXg4Pj3KEQPdHqaYiZp:REiz1mXg4Pj3KXFjYi/
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-