General
Target
1bdeaf5f156dee50dd1df32b67bd7c42e40c518f11b5d308b66dca5f29106579.exe
Size
404KB
Sample
241120-z98pkatbne
MD5
bd94a739f5689450bda65382967d1ae1
SHA1
8dd0679f0961f781973355fcf64b465d1883b68a
SHA256
1bdeaf5f156dee50dd1df32b67bd7c42e40c518f11b5d308b66dca5f29106579
SHA512
78d5d60be6cc173bbb98cabe374e449539a23010bc3fb43bd245d37efa183ed7a54134d0f24c294fca2fb638bfeb4da73bbedfc28e5bae00bd3e143c6bc4bd53
SSDEEP
6144:im8DAwnHo1q6Uqd2GhN5fbLsPDAWf0VdajpG771KCiZwv1W:imOIXUi2iNRLsPDd0jaF41KxwQ
Static task
static1
Behavioral task
behavioral1
Sample
1bdeaf5f156dee50dd1df32b67bd7c42e40c518f11b5d308b66dca5f29106579.exe
Resource
win7-20241010-en
Malware Config
Extracted
lokibot
http://37.0.10.225/greg/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
1bdeaf5f156dee50dd1df32b67bd7c42e40c518f11b5d308b66dca5f29106579.exe
Lokibot family
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext