General
Target: NewOrder.zip
Size: 524KB
Sample: 241022-v5nrdawgmc
MD5: 2ba45f05a335d1b1740d1401bcebad39
SHA1: 7b87a171da03b1ca8248e7e2e4a203b258e79f16
SHA256: 2592c99ac5bbdbad03df7ea4f754bdf4f6c9180502e5d93f59cb25d4f317e1e2
SHA512: 6dbb52b4ddf304d1827e9f0ca4d38e9489950dbba7c752d412b7f011eca8c702de43ce16c77b5ba772fcae32c145483ebc79be3d4dc06e885a05e88575067656
SSDEEP: 12288:xt7iLdfmCiPIZDKzxW3rfjQo6t/SBQ1XRE434p/MOWAJZpQEF5kIowfG:xtuLdONPODkof0o69XECUiaWIffG
Behavioral task: behavioral1
Sample: New Order.exe
Resource: win7-20240708-en
Malware Config
Extracted
lokibot
http://94.156.177.220/skipo/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: New Order.exe
Size: 538KB
MD5: fed5b3d1972774645a11685a33140e28
SHA1: c9ea3cdc9f537fe50088c07c239c69dea4456ddc
SHA256: 15582393b01b6c64d16d7c573cec24dc00954c1faede0dc69777a1caa9757f7d
SHA512: 5682fcc7f55a8915dceeda6ce0b6cb60f993987c2631c7b4024d6afc78cd94cc345561e59ac15df2fe9511a92736ef387354f703287ac1326d9da694ee269680
SSDEEP: 12288:V9BvctM85t35JPNJj2WzoRLQYRYzmYcwbzbpFMQWaJZpQEB52oSwc3:VD0tM85tbNJjldeYiYpi+so1c3
Accesses Microsoft Outlook profiles
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext