General
Target: a4da7bf70173e249f33d366d3ea3b39b25e1d25bb09d21b8ac5e1f4ef1aa8a0e
Size: 534KB
Sample: 240417-qm3qcsag8x
MD5: f0148b006614301ca6a4ee9866eaf53b
SHA1: 42171284da0b772b0909507c46f5dadc4b300d23
SHA256: a4da7bf70173e249f33d366d3ea3b39b25e1d25bb09d21b8ac5e1f4ef1aa8a0e
SHA512: cc3dbd41f042411299b865dc6153cb9b21e4398a4bb9aa5f53f8d066d42483898fc5a3811668a93348a3e866aff66db1e7db7b33f021659f501bf50693a3bff1
SSDEEP: 12288:MZrNJQ/OC4Na38lsymu+Kczw5fr08Xj++zJz4ZtgaPrLGmriilD/9ZwI:MZr0/OG3lyvr1ZTAZ6aeyt/9ZJ
Behavioral task: behavioral1
Sample: e20cf5c319fe815eb1845556289e56f8c3241019a907adb6f4a33e8dc9ecab59.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e20cf5c319fe815eb1845556289e56f8c3241019a907adb6f4a33e8dc9ecab59.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
lokibot
http://sempersim.su/c19/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: e20cf5c319fe815eb1845556289e56f8c3241019a907adb6f4a33e8dc9ecab59.exe
Size: 559KB
MD5: f13f9ca5ede930df8310e504372ca4e5
SHA1: bd28bfbb2472cd7f66be9cfcc11b77c17d08cec7
SHA256: e20cf5c319fe815eb1845556289e56f8c3241019a907adb6f4a33e8dc9ecab59
SHA512: ffe9fc1378bd084fa785c2d9361c32dcc740355d208b425647b3a0e5b02f8040154e60595e62c8100728ed4ded99c1d9ce3c69de3a8ce4226d50be0c5955850a
SSDEEP: 12288:CsHzOUNUSB/o5LsI1uwajJ5yvv1l2ihNYL+58d2:ViUmSB/o5d1ubcvvu+502
Accesses Microsoft Outlook profiles
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext