General
-
Target
f972a54ca5d86ea9ced7ddc4621a816f1ae22b6fe0a24e40fbef01ce07283e1b.exe
-
Size
542KB
-
Sample
241012-cgvkxawhlc
-
MD5
727b91c3fd7ca790814a5eca87ba9dd7
-
SHA1
3dcba9c3db41b556f1ca5cb73c0fcfa2713a639a
-
SHA256
f972a54ca5d86ea9ced7ddc4621a816f1ae22b6fe0a24e40fbef01ce07283e1b
-
SHA512
3b2b768a68449ad51db763a5e936fb189187d2c78f94ad25ad998f89fc75751a6e1e2ce4e3b63e0cec58e502271997180d4597fadd783284cf344c59f922164c
-
SSDEEP
12288:/nw1qbuuNYABD1IKZ8zq91PXlzUWqp4L63psN1jQXCkR:/nehuHZOq9TF042x
Static task
static1
Behavioral task
behavioral1
Sample
f972a54ca5d86ea9ced7ddc4621a816f1ae22b6fe0a24e40fbef01ce07283e1b.exe
Resource
win7-20240903-en
Malware Config
Extracted
lokibot
http://touxzw.ir/sirr/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
f972a54ca5d86ea9ced7ddc4621a816f1ae22b6fe0a24e40fbef01ce07283e1b.exe
-
Size
542KB
-
MD5
727b91c3fd7ca790814a5eca87ba9dd7
-
SHA1
3dcba9c3db41b556f1ca5cb73c0fcfa2713a639a
-
SHA256
f972a54ca5d86ea9ced7ddc4621a816f1ae22b6fe0a24e40fbef01ce07283e1b
-
SHA512
3b2b768a68449ad51db763a5e936fb189187d2c78f94ad25ad998f89fc75751a6e1e2ce4e3b63e0cec58e502271997180d4597fadd783284cf344c59f922164c
-
SSDEEP
12288:/nw1qbuuNYABD1IKZ8zq91PXlzUWqp4L63psN1jQXCkR:/nehuHZOq9TF042x
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-