General
-
Target
59586e753c54629f428a6b880f6aff09f67af0ace76823af3627dda2281532e4.exe
-
Size
586KB
-
Sample
241123-cw7h1s1rfp
-
MD5
66b03d1aff27d81e62b53fc108806211
-
SHA1
2557ec8b32d0b42cac9cabde199d31c5d4e40041
-
SHA256
59586e753c54629f428a6b880f6aff09f67af0ace76823af3627dda2281532e4
-
SHA512
9f8ef3dd8c482debb535b1e7c9155e4ab33a04f8c4f31ade9e70adbd5598362033785438d5d60c536a801e134e09fcd1bc80fc7aed2d167af7f531a81f12e43d
-
SSDEEP
12288:VrOj+Ri3AgFdZeDZskwkzA0+7xUNq4KC73vUECPnsSnR83PdB0:xQ3AgSskwZNeEqdCPssS3F
Static task
static1
Behavioral task
behavioral1
Sample
59586e753c54629f428a6b880f6aff09f67af0ace76823af3627dda2281532e4.exe
Resource
win7-20240903-en
Malware Config
Extracted
lokibot
http://94.156.177.41/maxzi/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
59586e753c54629f428a6b880f6aff09f67af0ace76823af3627dda2281532e4.exe
-
Size
586KB
-
MD5
66b03d1aff27d81e62b53fc108806211
-
SHA1
2557ec8b32d0b42cac9cabde199d31c5d4e40041
-
SHA256
59586e753c54629f428a6b880f6aff09f67af0ace76823af3627dda2281532e4
-
SHA512
9f8ef3dd8c482debb535b1e7c9155e4ab33a04f8c4f31ade9e70adbd5598362033785438d5d60c536a801e134e09fcd1bc80fc7aed2d167af7f531a81f12e43d
-
SSDEEP
12288:VrOj+Ri3AgFdZeDZskwkzA0+7xUNq4KC73vUECPnsSnR83PdB0:xQ3AgSskwZNeEqdCPssS3F
-
Lokibot family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-