General
Target: yUmGoxo1yynhz6W.exe
Size: 537KB
Sample: 240530-rg86mabc2v
MD5: 67eb26d7f0aaa1e001828b5d2bfae149
SHA1: 364524ec9b431c4bb82f7e2c31480275c82133d8
SHA256: 3b0af3f5146f9d1461b10e6535dc47bea08ae7f8f728542aaba25e5cc8d914e0
SHA512: 58edb5e7d57603f9f653a8ccc4e4e65aa62f207aaab59a4d87caabe30f3f927e80f6d2954744180a84ea3bed2c5870892e342193d30d90f694260432eb9c3e96
SSDEEP: 12288:HbBPJwKcI5JG/d4m5wg3SRV1RUHsuVK+BEL1D1X5OlK0QK0mV91H:7BhcsGV4YSRV7fuVKdbOl+Kx3
Static task: static1
Behavioral task: behavioral1
Sample: yUmGoxo1yynhz6W.exe
Resource: win7-20240220-en
Malware Config
Extracted: lokibot
http://sempersim.su/d10/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: yUmGoxo1yynhz6W.exe (537KB; hashes as listed under General)
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext