General
-
Target
f2e41572f57eb53bd9a7fd8997ecaadbaa1d02b1f4ad11c83c608c42c700c2ea
-
Size
577KB
-
Sample
240417-rgnjxscf7w
-
MD5
fbd54a7af37e59b18d4978d65b88e755
-
SHA1
319b3831e6e9a3bc3b79b103b4e1ffadf3a54ee0
-
SHA256
f2e41572f57eb53bd9a7fd8997ecaadbaa1d02b1f4ad11c83c608c42c700c2ea
-
SHA512
5677076f80a487f8f38b59c16ec70966b6126dde2cc1df73e3b8c163d8459c727c27fa4f837bad5adb25fb54b20a8d31a28b5c4f6096437d291897dd53bc9729
-
SSDEEP
12288:Eg3iEPuDcvoWzfw04Rmfg0Th9wO2yQVL5Lz6e3j2JdzA1gghZ06Vx6gY:Eg8xWzff42g0TnYJz6CqJdzAygo6RY
Static task
static1
Behavioral task
behavioral1
Sample
a533e98a86c878c9eeb075acf501ff5f27641b9677ea1a2b11ef65823cbaf1b5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a533e98a86c878c9eeb075acf501ff5f27641b9677ea1a2b11ef65823cbaf1b5.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
lokibot
https://sempersim.su/c12/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
a533e98a86c878c9eeb075acf501ff5f27641b9677ea1a2b11ef65823cbaf1b5.exe
-
Size
670KB
-
MD5
2993b43ab067e38dbcdfca13cc96d1b8
-
SHA1
1e7af85daa548f03710414f3f1eaec53b03b42ce
-
SHA256
a533e98a86c878c9eeb075acf501ff5f27641b9677ea1a2b11ef65823cbaf1b5
-
SHA512
7f24d94f0e38161190b3be1116af0f9e3aff76c75d8edff7efaae5979963a3233b5a3d79c787abf74af17e49d58c2b06c336bf734f73c4bc18dd5fb52cfdd2f9
-
SSDEEP
12288:FuPuIpkh/8/+yhMvYZ40ZQTp2kFdo94HgNBJojBhTkb9YA+Q40klvK/:aSk/+yhMqQbjhANHojBcl4a
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-