General
-
Target
gunzipped.exe
-
Size
688KB
-
Sample
240426-de1jtahd31
-
MD5
4b905e6548f4d5040fab8962cb71877e
-
SHA1
15c3785700d10e32ce7e17d706194dd9baa8442a
-
SHA256
6fd2687a66899aa63357f7434a418b2bd873eebda9520129b20fd3e7e889ced1
-
SHA512
75beefb8e58cc71f433980ceb6ff74c022d35332037b905e9e6644e09dea33ba36b41dd4c8e1e6874f302208fccd93ad258c74d09c08828d65bf7661026a3cad
-
SSDEEP
12288:6jqnHvjNIrpf9rN/mc/CPV77Qykhe+AK9hCqAZHApvF1sdsgTWEmBuPg6AbTokR:6GPjKr5BNDAF7GAKeZHApvFWdsisBuoT
Static task
static1
Behavioral task
behavioral1
Sample
gunzipped.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
gunzipped.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://45.77.223.48/~blog/?ajax=a
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
gunzipped.exe
-
Size
688KB
-
MD5
4b905e6548f4d5040fab8962cb71877e
-
SHA1
15c3785700d10e32ce7e17d706194dd9baa8442a
-
SHA256
6fd2687a66899aa63357f7434a418b2bd873eebda9520129b20fd3e7e889ced1
-
SHA512
75beefb8e58cc71f433980ceb6ff74c022d35332037b905e9e6644e09dea33ba36b41dd4c8e1e6874f302208fccd93ad258c74d09c08828d65bf7661026a3cad
-
SSDEEP
12288:6jqnHvjNIrpf9rN/mc/CPV77Qykhe+AK9hCqAZHApvF1sdsgTWEmBuPg6AbTokR:6GPjKr5BNDAF7GAKeZHApvFWdsisBuoT
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-