General
- Target: d405284f75cde4b8c45e3d5c3b41c7bbd6db2c75788cb6d0b1deec5ea60559a4.exe
- Size: 541KB
- Sample: 240418-cfbfmsgb72
- MD5: 8864b52d242037414b7c4a230c390ab8
- SHA1: 47680d0f0d286097f7cdda37947aaaacd7226ee3
- SHA256: d405284f75cde4b8c45e3d5c3b41c7bbd6db2c75788cb6d0b1deec5ea60559a4
- SHA512: 1cc6124f479dee45a46ada9416e90642365f316b055e2dbb73cc34b0276449fabf1b7929e5a76c133829feca47669445cbce2b876430d5d77902c2034b64b59d
- SSDEEP: 12288:/AogULNdQcE6lIi6TckYyD1WoO3wjcuuC4KU3f3uWbF:JgadQ1iYcSWNwjHuC4KU3f3uWbF
Static task: static1
Behavioral task: behavioral1
- Sample: d405284f75cde4b8c45e3d5c3b41c7bbd6db2c75788cb6d0b1deec5ea60559a4.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: d405284f75cde4b8c45e3d5c3b41c7bbd6db2c75788cb6d0b1deec5ea60559a4.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: lokibot
- http://136.244.109.75/index.php/1748937
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: d405284f75cde4b8c45e3d5c3b41c7bbd6db2c75788cb6d0b1deec5ea60559a4.exe
- Size: 541KB
- MD5: 8864b52d242037414b7c4a230c390ab8
- SHA1: 47680d0f0d286097f7cdda37947aaaacd7226ee3
- SHA256: d405284f75cde4b8c45e3d5c3b41c7bbd6db2c75788cb6d0b1deec5ea60559a4
- SHA512: 1cc6124f479dee45a46ada9416e90642365f316b055e2dbb73cc34b0276449fabf1b7929e5a76c133829feca47669445cbce2b876430d5d77902c2034b64b59d
- SSDEEP: 12288:/AogULNdQcE6lIi6TckYyD1WoO3wjcuuC4KU3f3uWbF:JgadQ1iYcSWNwjHuC4KU3f3uWbF
Score: 10/10
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers.
- Detects executables packed with SmartAssembly.
- Detects executables referencing many file transfer clients. Observed in information stealers.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles.
- Suspicious use of SetThreadContext.