General
Target: 43c9d2ce7dd27609316480a0995af447903a6c9bf6dd64e4ff2ae666062076ba.exe
Size: 617KB
Sample: 240416-bhpwdafc31
MD5: 7366fe55f804decd140f2f09dd2b8e9e
SHA1: dfcc22167c3ad24d1def8f2c19dce63643d40113
SHA256: 43c9d2ce7dd27609316480a0995af447903a6c9bf6dd64e4ff2ae666062076ba
SHA512: 38836a6fd931965abc6546f986287b308358c56f0deee709aa15a28e93c535d48e9a2ca42d3dbd1782bd8f07fb439c6b6698025cd7139147bf317f88689cbbd6
SSDEEP: 12288:BHMNBhncmaAXrCIlve2pjkDO6uBZwlIs5bhq7ckR:lMNdrCGeCgvuBKGs5b4v
Static task: static1
Behavioral task: behavioral1
Sample: 43c9d2ce7dd27609316480a0995af447903a6c9bf6dd64e4ff2ae666062076ba.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 43c9d2ce7dd27609316480a0995af447903a6c9bf6dd64e4ff2ae666062076ba.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
lokibot
http://24.199.107.111/index.php/720637
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score: 10/10
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Detects executables containing common artifacts observed in infostealers
Detects executables packed with SmartAssembly
Detects executables referencing many file transfer clients. Observed in information stealers
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext