General
Target: 28102024_0954_22102024_Uusiostotilaus_PO410533_SWMetalkoOy.zip
Size: 142KB
Sample: 241028-l3b55awhpn
MD5: 4ed81b1385e0948b45192cb9c1b06f4e
SHA1: 13f67d44a88773e5ece63a4a07b875608b733122
SHA256: 6fa446e543b9e4ba433869954863b30077024eca7bc42e6bb5a258d5ea16ca78
SHA512: bab37a45ae631d10e27618ffe07c97e8b3769f536cc80b112156cb118f6d7300664d267306813c5e71ae4a18e767e9eb930170095c4bca850d2121760327d46f
SSDEEP: 3072:mfwNCvf1+otB8iU21QRGXB+nOtHQm6CJtd/ow2rGd3b:mTfwaZuRGXRtHQGQMdr
Static task: static1
Behavioral task: behavioral1
Sample: Uusi ostotilaus_(PO410533)_S&W Metalko Oy.exe
Resource: win7-20240903-en
Malware Config
Extracted
lokibot
https://dddotx.shop/Mine/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Uusi ostotilaus_(PO410533)_S&W Metalko Oy.exe
Size: 193KB
MD5: 2750811b6c17c3c3ae345316f84aa921
SHA1: 13a3343fcf472ac067ccb6e4c32cd47f1761e826
SHA256: 83f31c20b1e1819627874ca9eeb2a8b703e28656a581289821415963dcf596b8
SHA512: ced97f75886800fe17642555a0f6891c118d3e96e2d2998b16b5dd9074a32db34a706b1fe34eaedec9755e0a9bc4c2adba7045894961dce3778f53c5531dad9e
SSDEEP: 3072:4IzkRZo5uKwZ56Es5r0GgE1QR6XBGnglHQmaCvtdWfT:z61SLg9R6XplHQA
Lokibot family
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext