General
-
Target
232cb6040983463cc2355d331b67d1c83cfe485ae01fa82cb69df201590af05a
-
Size
771KB
-
Sample
241121-yb8q8szmfj
-
MD5
df983aecd086b616e3fababad6d4c1d1
-
SHA1
dd25bed0824bdf885ce45fd56bbb4f272aff632f
-
SHA256
232cb6040983463cc2355d331b67d1c83cfe485ae01fa82cb69df201590af05a
-
SHA512
d29410ce5a26af4d93e224c1472678c426b6d131c3e310928abf57b6a8a120f38c74c2f8efac1fa7160bdb4e978328bf1d597908c2bb4e5860511ece7562aef9
-
SSDEEP
24576:Jgh//s5nyyx+NxEyabYNXPDCPXokK/Dwu:ah//s5nyC+Nqyab0Cvw/D
Static task
static1
Behavioral task
behavioral1
Sample
232cb6040983463cc2355d331b67d1c83cfe485ae01fa82cb69df201590af05a.exe
Resource
win7-20241010-en
Malware Config
Extracted
lokibot
http://171.22.30.147/gk1/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
232cb6040983463cc2355d331b67d1c83cfe485ae01fa82cb69df201590af05a
-
Size
771KB
-
MD5
df983aecd086b616e3fababad6d4c1d1
-
SHA1
dd25bed0824bdf885ce45fd56bbb4f272aff632f
-
SHA256
232cb6040983463cc2355d331b67d1c83cfe485ae01fa82cb69df201590af05a
-
SHA512
d29410ce5a26af4d93e224c1472678c426b6d131c3e310928abf57b6a8a120f38c74c2f8efac1fa7160bdb4e978328bf1d597908c2bb4e5860511ece7562aef9
-
SSDEEP
24576:Jgh//s5nyyx+NxEyabYNXPDCPXokK/Dwu:ah//s5nyC+Nqyab0Cvw/D
-
Lokibot family
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-