General
-
Target
0b67adeb422396c047e87fa78a9e8e80.exe
-
Size
753KB
-
Sample
240523-xjmcjacd7s
-
MD5
0b67adeb422396c047e87fa78a9e8e80
-
SHA1
0c2bdcfaf8480cfbdc74130e77167280193040d2
-
SHA256
66e4c065666fc203efec41f2ac9fb171f0ad5da06c1830458ff2642ea64e789f
-
SHA512
d0299c1fc4098519285d624879e220f494f9d137bfcaea9abc4d7214c238228b676f5cf99fa9630e244457910fb7bd204131e8e37c356a25432690fbc3789371
-
SSDEEP
12288:D8pBoyWPiDu5FJs+NWK6V2D3BTwpR1NkltlkR:D8pBoyUiDu5Fy+R6V2DBTwTHYtY
Static task
static1
Behavioral task
behavioral1
Sample
0b67adeb422396c047e87fa78a9e8e80.exe
Resource
win7-20240419-en
Malware Config
Extracted
lokibot
http://rocheholding.top/evie3/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
0b67adeb422396c047e87fa78a9e8e80.exe
-
Size
753KB
-
MD5
0b67adeb422396c047e87fa78a9e8e80
-
SHA1
0c2bdcfaf8480cfbdc74130e77167280193040d2
-
SHA256
66e4c065666fc203efec41f2ac9fb171f0ad5da06c1830458ff2642ea64e789f
-
SHA512
d0299c1fc4098519285d624879e220f494f9d137bfcaea9abc4d7214c238228b676f5cf99fa9630e244457910fb7bd204131e8e37c356a25432690fbc3789371
-
SSDEEP
12288:D8pBoyWPiDu5FJs+NWK6V2D3BTwpR1NkltlkR:D8pBoyUiDu5Fy+R6V2DBTwTHYtY
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-