General
-
Target
Odeme belgesi.gz.zip
-
Size
361KB
-
Sample
241002-p1r1ca1arg
-
MD5
e4642545e8067373a394cc144fc9c957
-
SHA1
4bf922369105fa909465f1912beb52bbad210c16
-
SHA256
8bf8454a9b12f906299a087fcab18e684cffb1bace2aca65802ea622d853b88a
-
SHA512
00094497397cfbcdbc0450040f7ac57f13ab0e7701ae8b17f84e845edd90cb12064c1b824d769a4aa82834b2b481d1f49ace98dc2761f6e056c3bc6fcb98ee74
-
SSDEEP
6144:cUpCqk2i7LH/j1V/HquoL4/nIN/NB+DYRkfSh4//+oPrKC584UG+LWEF7AfD:rCq5iH/RVPXPunXKim/+oPrv5T1ZEFo
Static task
static1
Behavioral task
behavioral1
Sample
Odeme_belgesi.exe
Resource
win7-20240903-en
Malware Config
Extracted
lokibot
http://solutviewmen.viewdns.net/bdifygidj/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Odeme_belgesi.exe
-
Size
540KB
-
MD5
90f4be8876c29b8a1003fad8cc920a82
-
SHA1
9954083d7206592481ad16804d2d230d052550f4
-
SHA256
0f1bde8e151531aed752a337fcd392ab70e2839a42c4d61570b825fa44d4d365
-
SHA512
8f8e29b2e4df6099a4fc2b03f562f6e6deb1071e45f54a300b331f994dfcf845bf2f2edae8217e6dcd728c8c23611387a3acbcef5aaeb4ff3a8d4955ada865c3
-
SSDEEP
12288:qxTUip/R3pX12nXGik/+oPrj5utJfS5bpZKh5tsd5Nrkkz:LWR3x1Wg9PNrkkz
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-