General
-
Target
b084f904e680ea76fb4edddcab4ce166620ea7e9b70420b61b8e61f1e4218f6f.exe
-
Size
500KB
-
Sample
240322-drfeeafg92
-
MD5
bb780ef8f1b0df0345cdb4521d5d4f81
-
SHA1
da039e6d8037bbfee5cb9cf63cb45eace4f61354
-
SHA256
b084f904e680ea76fb4edddcab4ce166620ea7e9b70420b61b8e61f1e4218f6f
-
SHA512
b7fd76473116e65996e094c50a1d3a38137e873b627a769caf85460a2f57264f37c0d64380d833c9e8a02d8905794caaaf491406705568d15808deb5f3421cba
-
SSDEEP
6144:XrLn9veTfbI0tTUiqhgVLlrMkY3Dpo5a7pLJ29OcfPag0a54ZV/EQO0JUFyZ1vQp:H9V0jxdlrM7TpX7FUOcf95Exz+H
Static task
static1
Behavioral task
behavioral1
Sample
b084f904e680ea76fb4edddcab4ce166620ea7e9b70420b61b8e61f1e4218f6f.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
b084f904e680ea76fb4edddcab4ce166620ea7e9b70420b61b8e61f1e4218f6f.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://meridianresourcellc.top/document/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
b084f904e680ea76fb4edddcab4ce166620ea7e9b70420b61b8e61f1e4218f6f.exe
-
Score
10/10
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-