General
Target: 5d898832ef4c190d301d67b8f2534213a65633426edbff513b28cbd09df235b3.exe
Size: 990KB
Sample: 240502-bwxhdafc78
MD5: c45be3cda7b3a08691d1b0ec9b2f9d9d
SHA1: 68c3fae9d29936c326c5ad88b3b7091af3f8f450
SHA256: 5d898832ef4c190d301d67b8f2534213a65633426edbff513b28cbd09df235b3
SHA512: d58e35e5487c34d80ea53b9db642137831f412d51dfb772d39d5324940d5216730feaf6f1203fafb6f17b6fca153739a6c987cd2437a8519e43e32ff7b07b0d5
SSDEEP: 12288:bjU00pFjzc/AKn4lvHMYLX5kcqoaw297Vinu3neuNtG9ipyjSRIPMbP:z0s3ncLkBo297gu3euveszbP
Static task: static1
Behavioral task: behavioral1
  Sample: 5d898832ef4c190d301d67b8f2534213a65633426edbff513b28cbd09df235b3.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 5d898832ef4c190d301d67b8f2534213a65633426edbff513b28cbd09df235b3.exe
  Resource: win10v2004-20240419-en
Malware Config
Extracted
lokibot
http://ebnsina.top/evie1/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 5d898832ef4c190d301d67b8f2534213a65633426edbff513b28cbd09df235b3.exe
Score: 10/10
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Detects executables containing common artifacts observed in infostealers
Detects executables referencing many file transfer clients. Observed in information stealers
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext