General

Target: 467d80ed674c45af3b474549d253e05d2478d52768c38fbd5ffae2eb820e12c4
Size: 935KB
Sample: 240330-xxws5adc82
MD5: c1b59591ec250e271c4c30cf994e6ee1
SHA1: 009a456d4e6d9f3a1961bdbdab47afaed7427963
SHA256: 467d80ed674c45af3b474549d253e05d2478d52768c38fbd5ffae2eb820e12c4
SHA512: d9b5b6757f7868b6427c3bc53183201d57fc93ba1f9a9e47611f5963be7aede8158663d91bd06c4c7cd429c55adf71933d36b8f3ddfaac9d370c3179c71fcac4
SSDEEP: 12288:Stb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaLp83TYDUqOP6A:Stb20pkaCqT5TBWgNQ7aL23TqOP6A
Static task: static1

Behavioral task: behavioral1
Sample: 467d80ed674c45af3b474549d253e05d2478d52768c38fbd5ffae2eb820e12c4.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 467d80ed674c45af3b474549d253e05d2478d52768c38fbd5ffae2eb820e12c4.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted family: lokibot
C2 URLs:
- http://www.dobiamfollollc.online:3777/vogxhf/Panel/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets

Target: 467d80ed674c45af3b474549d253e05d2478d52768c38fbd5ffae2eb820e12c4
Score: 10/10

Signatures:
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers.
- Detects executables referencing many file transfer clients. Observed in information stealers.
- Uses the VBS compiler for execution.
- Accesses Microsoft Outlook profiles.
- Adds Run key to start application.
- Suspicious use of SetThreadContext.