General
-
Target
e980e437d08d2b60f888f0970241f2a5c0eec09653cb9a228ab77bba425e8551.exe
-
Size
361KB
-
Sample
240423-cg52msbd66
-
MD5
fde165f7e76cbf60d25787d02b9747f8
-
SHA1
02a9b832afb11b92b93928f0402444cb9eacf325
-
SHA256
e980e437d08d2b60f888f0970241f2a5c0eec09653cb9a228ab77bba425e8551
-
SHA512
5411bd53ad6a747e648d67fb22e154cf3dc753d73815696b74e559056e7ece33e0c3058fa6b5ac06cc85317a5e82c9f705e52f2d7b03f7077c8dc3438bab8093
-
SSDEEP
6144:lJTvOJI7+z3/DGEEMA6GIymEoDZ57jWBLIkdFCaKmO3xGAwM5EtYRIyd3gmJYI:DTgfPRWIy0DfjWB8cF5KmO3x/wHYRIyt
Static task
static1
Behavioral task
behavioral1
Sample
e980e437d08d2b60f888f0970241f2a5c0eec09653cb9a228ab77bba425e8551.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
e980e437d08d2b60f888f0970241f2a5c0eec09653cb9a228ab77bba425e8551.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
lokibot
http://91.92.253.228/vgbashgdvgvbhkbjhqwrgrthyuj/hjqwretyuiopadshnjmklomfhbqaxinhgbfwrftgyujicn/iplkrtikfmjdnsbgatefv/yughghjbjgbjhsdgstgsdhysyryyrs/uhgbnte/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e980e437d08d2b60f888f0970241f2a5c0eec09653cb9a228ab77bba425e8551.exe
-
Size
361KB
-
MD5
fde165f7e76cbf60d25787d02b9747f8
-
SHA1
02a9b832afb11b92b93928f0402444cb9eacf325
-
SHA256
e980e437d08d2b60f888f0970241f2a5c0eec09653cb9a228ab77bba425e8551
-
SHA512
5411bd53ad6a747e648d67fb22e154cf3dc753d73815696b74e559056e7ece33e0c3058fa6b5ac06cc85317a5e82c9f705e52f2d7b03f7077c8dc3438bab8093
-
SSDEEP
6144:lJTvOJI7+z3/DGEEMA6GIymEoDZ57jWBLIkdFCaKmO3xGAwM5EtYRIyd3gmJYI:DTgfPRWIy0DfjWB8cF5KmO3x/wHYRIyt
Score10/10-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Detects executables packed with ConfuserEx Mod
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-