General
Target: 7c7f42431e94008eaf3e6857101792e4.bin
Size: 493KB
Sample: 241121-btxelaybkn
MD5: 39f7b114cd02e7c530589711cd559329
SHA1: 74acb13185f6394eedf99ca8f4e0003db5c68ade
SHA256: b5068640a028fb4bd5fa3d40aebe53fab5d62039f8131d56fb9490ece0a4f6f5
SHA512: 618b62c134124f3ff4dc94611a9ea502a2c99d5dc330482d5160686ee0453eef0586a2a1e94823e3774b2aebc8da658c396c8f86bbced7fdb4b35bdc6d148747
SSDEEP: 12288:GkZsRzYEoINLBdVOSaLI487FZtuPpOSdObKatlcf/uZmMtBd0qH:T0YELNnVOSd573tuBobKaL/IMR0G
Behavioral task: behavioral1
Sample: a4e13d5ddfed2748925ccf8cb2a08cf03f992de943e195aa73411e1fd2efab80.exe
Resource: win7-20241010-en
Malware Config
Extracted
lokibot
http://87.120.113.235/18/pin.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: a4e13d5ddfed2748925ccf8cb2a08cf03f992de943e195aa73411e1fd2efab80.exe
Size: 518KB
MD5: 7c7f42431e94008eaf3e6857101792e4
SHA1: 973497ad5d0725b431d1d9b3f2c8f2ef7c20382a
SHA256: a4e13d5ddfed2748925ccf8cb2a08cf03f992de943e195aa73411e1fd2efab80
SHA512: fa54bcd4394326c6e5c44841d31f29c0011ebb088b8d85d8d1b4054c6207a9dccc6b92e4e54c9574763cf06df1c521dee458aabaee7cc4ff40a5110e735d3b6c
SSDEEP: 12288:ZOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPi2AAGXBvFwkmy:Zq5TfcdHj4fmbJ09ekx
Lokibot family
Drops startup file
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext