General
Target: 6f3336aba5c3090b559dcdeb912fb17adcbdc8faa76c2f01379e3bc890b8c74e.exe
Size: 591KB
Sample: 240418-bvh9csfb68
MD5: 2a4a3291479ab3c056533198f88d7a2c
SHA1: eb46327c7c987aa2676690e74bacd0190b3e855a
SHA256: 6f3336aba5c3090b559dcdeb912fb17adcbdc8faa76c2f01379e3bc890b8c74e
SHA512: 3bada8aad3b4c56be924ccff2ccdb5f1b8e4e30e89cacc2fef1a54838c5e9f6b3f6d7afd033de5418bd3ff993836a44c217bea6f579f0337719cf7f0f96bd932
SSDEEP: 12288:ZGL21ILib0z2cWjoICQmsszslJt6LR+Ny/TYwb/DYNzE8oYQH+8kR:4L21IL60zrA2zslHuswb/yzE8oYQG
Static task: static1
Behavioral task: behavioral1
Sample: 6f3336aba5c3090b559dcdeb912fb17adcbdc8faa76c2f01379e3bc890b8c74e.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 6f3336aba5c3090b559dcdeb912fb17adcbdc8faa76c2f01379e3bc890b8c74e.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
lokibot
http://136.244.109.75/index.php/08409289280180
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 6f3336aba5c3090b559dcdeb912fb17adcbdc8faa76c2f01379e3bc890b8c74e.exe
Score: 10/10
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Detects executables containing common artifacts observed in infostealers
Detects executables referencing many file transfer clients. Observed in information stealers
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext