General
- Target: 43edf7af78a3ed2272221db663c1afd3e24b61cf10e727fd136c658f70abc633
- Size: 284KB
- Sample: 240331-lsztfaac96
- MD5: 7a060a1e3aa99e966da96c0ce81195ce
- SHA1: 3ec0bb93c351b54de88440235cefe737fc315580
- SHA256: 43edf7af78a3ed2272221db663c1afd3e24b61cf10e727fd136c658f70abc633
- SHA512: 7d01fede33dc48585ebf369a45d0847ffada83b3cc8b6392ebc58c291b91988563f96934e7d885e6421cc91be5784eb03c80972ae5680b2890461f0c17cb7c54
- SSDEEP: 6144:rGiXGcdl1BHuLzpvGTbeGn1CG6uiOvpwQgaoA32l7JXFzXQDNKOgJM:TtdlfuPpenHCmDgR023eQJM
Static task
- static1

Behavioral tasks
- behavioral1: sample 43edf7af78a3ed2272221db663c1afd3e24b61cf10e727fd136c658f70abc633.exe, resource win7-20240221-en
- behavioral2: sample 43edf7af78a3ed2272221db663c1afd3e24b61cf10e727fd136c658f70abc633.exe, resource win10v2004-20240226-en
- behavioral3: sample $PLUGINSDIR/itbd.dll, resource win7-20240221-en
- behavioral4: sample $PLUGINSDIR/itbd.dll, resource win10v2004-20240226-en
Malware Config
- Extracted family: lokibot
- C2 URLs:
  - http://63.250.40.204/~wpdemo/file.php?search=5803588
  - http://kbfvzoboss.bid/alien/fre.php
  - http://alphastand.trade/alien/fre.php
  - http://alphastand.win/alien/fre.php
  - http://alphastand.top/alien/fre.php
Targets

- Target: 43edf7af78a3ed2272221db663c1afd3e24b61cf10e727fd136c658f70abc633
- Score: 10/10
- Signatures:
  - Loads dropped DLL
  - Accesses Microsoft Outlook profiles
  - Suspicious use of SetThreadContext
- Target: $PLUGINSDIR/itbd.dll
- Size: 88KB
- MD5: 139dbcbeeaaf2d5a55c634208a0efa34
- SHA1: 515576bdd64f07f007843ead1197ac34a4d65243
- SHA256: 872e5aa466a8fc417fbf49fef4aaeb3ce941200a62794fd7b8f1cdbb8cdddcc0
- SHA512: 15e202ca78c87253f39505304ecae935e808b731281bcbc84d476fe711918a16557086a9b6951427d4f4e5ab995ce9d572f5ba07c325dc7753ec01092d6cef2d
- SSDEEP: 1536:W1h8Lsu0K4ZjTTm4qTfYS375Q+kZT8ywzViIkzSzRrsWjcdKkzo6KAUSnWgVpXP:Wr8MKkGDTDVZnkzSzRUKkzo6KSNZP
- Score: 10/10
- Signatures:
  - Blocklisted process makes network request
  - Accesses Microsoft Outlook profiles
  - Suspicious use of SetThreadContext