General
Target
d703bde413e9a4aae516f61c28139aea
Size
256KB
Sample
240319-yypa4sec72
MD5
d703bde413e9a4aae516f61c28139aea
SHA1
b46a928e555f14d0c7ca60dbe0bbaff6b2b53d02
SHA256
accb02587a341ce3758463532ca9d2897d517669404c8c8452b005c8fc573f5e
SHA512
95049c298d2365d5e7491703884788fb1e6e1fe2f88e16ef4aa869ed68f9ea2e851f8bc272f839c3f90dbe2c6553e2891269b5b275ebe8b5d74c31da50df244e
SSDEEP
3072:UTGNb5MV0D7p9HKK9jf5UjfRmdk/yVAhOlk2ve+WTDzMoNzveijUAsCt8dCLlNIe:1TfHhmEk/yVAu4H7zGAlsn+nqQqLQ
Static task
static1
Behavioral task
behavioral1
Sample
d703bde413e9a4aae516f61c28139aea.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d703bde413e9a4aae516f61c28139aea.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
lokibot
http://apponline354.ir/msn/Panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
d703bde413e9a4aae516f61c28139aea
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext