General
-
Target
fde165f7e76cbf60d25787d02b9747f8.bin
-
Size
329KB
-
Sample
240424-ck2hmaeb73
-
MD5
e0cfc8c21802efc2413a9cbefc74b465
-
SHA1
259652bf8da20c7b8223061d88e8971a9a724096
-
SHA256
934f3b0f11f04be57fa9d2b26c984b37427c8e4ac58d410b1c0f3f3a25e2c326
-
SHA512
6a00eb080dfaa16660ba11c10c69bbfec289effeb65fc8214c9b3ecf5ffcd298304333ed420ca047dbb81b1859a3a9d7bfd3a0089732cfc6bb5a09af813d8e53
-
SSDEEP
6144:ggXzWsZhI/Qjbcx0SVxiuPhaCkbitgqsnQZj++VHmdK9nHas6XIg+tegr:ggXPI48u1u60Zj++VUKVHEXIg+tp
Static task
static1
Behavioral task
behavioral1
Sample
e980e437d08d2b60f888f0970241f2a5c0eec09653cb9a228ab77bba425e8551.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e980e437d08d2b60f888f0970241f2a5c0eec09653cb9a228ab77bba425e8551.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
lokibot
http://91.92.253.228/vgbashgdvgvbhkbjhqwrgrthyuj/hjqwretyuiopadshnjmklomfhbqaxinhgbfwrftgyujicn/iplkrtikfmjdnsbgatefv/yughghjbjgbjhsdgstgsdhysyryyrs/uhgbnte/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e980e437d08d2b60f888f0970241f2a5c0eec09653cb9a228ab77bba425e8551.exe
-
Size
361KB
-
MD5
fde165f7e76cbf60d25787d02b9747f8
-
SHA1
02a9b832afb11b92b93928f0402444cb9eacf325
-
SHA256
e980e437d08d2b60f888f0970241f2a5c0eec09653cb9a228ab77bba425e8551
-
SHA512
5411bd53ad6a747e648d67fb22e154cf3dc753d73815696b74e559056e7ece33e0c3058fa6b5ac06cc85317a5e82c9f705e52f2d7b03f7077c8dc3438bab8093
-
SSDEEP
6144:lJTvOJI7+z3/DGEEMA6GIymEoDZ57jWBLIkdFCaKmO3xGAwM5EtYRIyd3gmJYI:DTgfPRWIy0DfjWB8cF5KmO3x/wHYRIyt
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-