General
Target: 5bbffb3fc5d31a0dd2813392745bb72f.exe
Size: 319KB
Sample: 241127-xyr7bssnhr
MD5: 5bbffb3fc5d31a0dd2813392745bb72f
SHA1: 04db94600cee4ad49f2e4554275d057be68bf898
SHA256: d11c99e9343acbbfd158099ae65ecf9b5433d231fa4c7b2bd9f951015ab01025
SHA512: 35131dfb2ddc809efb8fe69ada3440780114a226dda0aa287439f160f97d73c0716afd03236991f713ce4dc1b7b679a086ee29d3c46e1fb47f43d0bc9f53accb
SSDEEP: 6144:SHHX0fak9RN4OqyJKHfXbJ22ZkNr0ypGNc2YkOidVEfnNcA9GPd:1H4Oqye8fNYyQ+YAfNcA9GV
Static task: static1
Behavioral task: behavioral1
Sample: 5bbffb3fc5d31a0dd2813392745bb72f.exe
Resource: win7-20240708-en
Malware Config
Extracted
lokibot
http://45.149.241.168:4410/fujfygidj/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 5bbffb3fc5d31a0dd2813392745bb72f.exe
Lokibot family
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext