General
-
Target
Satınalma Siparişi_(PO40947)_EMS Endüstriyel Servis.exe
-
Size
216KB
-
Sample
241030-g4xe8swqgw
-
MD5
6cf2efa7f0e3c172cb5be4c7f065fe5d
-
SHA1
20166a74da7adf203a996d814ebc94947c6c26fd
-
SHA256
8b5e4c846dc98bdea2524651cf2895630c27bab15f5b27d60a9fd732b1c6ba3f
-
SHA512
ddce7ff8e61430fd4755afbec20793d949a28e455a2c813697bdfc307667a0c695e181dcf6663066eb228e52c96f9571ec7b319629e0f945dcbc58e3f7d71181
-
SSDEEP
6144:w119IHMcJVuYhxAYWDVeKf9UsZtheI5m:wjUZhRWcKhhh
Static task
static1
Behavioral task
behavioral1
Sample
Satınalma Siparişi_(PO40947)_EMS Endüstriyel Servis.exe
Resource
win7-20240903-en
Malware Config
Extracted
lokibot
https://rottot.shop/Mx2/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Satınalma Siparişi_(PO40947)_EMS Endüstriyel Servis.exe
-
Lokibot family
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-