General
-
Target
80358303e33cef71434e6e4a621262c5.exe
-
Size
570KB
-
Sample
241119-gzwm5ssbkp
-
MD5
80358303e33cef71434e6e4a621262c5
-
SHA1
e7a22b4e5af741f9b4d9982f36164b276bba459a
-
SHA256
f3246d0ca5ca8e69f98ca33b2c17813d5d862049dcfa9931dbcbaaaf7543a1f7
-
SHA512
5e68b8c63afe7c0e91396f42f485cd84946235ab11d9ce7107bbcf75568ff3087d5e14378f87d77733376e332f516f26db838b870ca580569178b15c0a90761e
-
SSDEEP
12288:LUhTeWLn9xDFlYjueKNNuUlsrzwbxnmvGZiOveCdi:Pg9xDddNBxmvGZiOR
Static task
static1
Behavioral task
behavioral1
Sample
80358303e33cef71434e6e4a621262c5.exe
Resource
win7-20241010-en
Malware Config
Extracted
lokibot
http://94.156.177.95/maxzi/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
80358303e33cef71434e6e4a621262c5.exe
-
Size
570KB
-
MD5
80358303e33cef71434e6e4a621262c5
-
SHA1
e7a22b4e5af741f9b4d9982f36164b276bba459a
-
SHA256
f3246d0ca5ca8e69f98ca33b2c17813d5d862049dcfa9931dbcbaaaf7543a1f7
-
SHA512
5e68b8c63afe7c0e91396f42f485cd84946235ab11d9ce7107bbcf75568ff3087d5e14378f87d77733376e332f516f26db838b870ca580569178b15c0a90761e
-
SSDEEP
12288:LUhTeWLn9xDFlYjueKNNuUlsrzwbxnmvGZiOveCdi:Pg9xDddNBxmvGZiOR
-
Lokibot family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-