General
Target: GT98765678000800.pif.exe
Size: 461KB
Sample: 241120-f4ve7s1gnd
MD5: fdfbbc8edd70b51d54176815b77d2a26
SHA1: 559232b44c7583f26ce53f2e199d5a08b2d95abd
SHA256: c324fe32df959176f968d80a6ff1914f2b195c1796376f2511cb97f763f1d905
SHA512: ef5b06f300c04c9cddadff92f7abedb4f5640109cd6abfdf9dda568fb65b756dc0460a0852f2c49d81a4198010e0d0ccabb48152b5005b68db638ff8648aeeb7
SSDEEP: 12288:NJOr0Yb59iAIYhQZSjNxfZzT4yoQ8BTjIz562JVbY:Ng7junZapbY
Static task: static1
Behavioral task: behavioral1
Sample: GT98765678000800.pif.exe
Resource: win7-20241023-en
Malware Config
Extracted
lokibot
http://87.120.113.235/18/pin.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
GT98765678000800.pif.exe
Lokibot family
Drops startup file
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext