General
Target: Quotation.exe
Size: 152KB
Sample: 241202-qfjc5svlfz
MD5: a6d27c830af952414ff70b257cf26948
SHA1: 691fc8feed36fc7c9b7933e1c3807e5314d40d5e
SHA256: c7bfb04b5e314178b5d3602cbbb9e6abe716936aef501b645d7c1aa2cbeaaaf3
SHA512: 71b4304f85c7a437841a17ab91d6cb27315909157b20ce751a5e18e0f4107b08bfef5ee3cbf7633b74591a4fdc994068d55b0325b83a368d64e048a04ad39ba4
SSDEEP: 1536:gBhirc4kWBUNHUt4gML6ybLaPxNDN17RocNKlsSkrmPJf9:wirWN0fMesLaPxNP7ucN+Ari9
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7-20241010-en
Malware Config
Extracted
lokibot
https://dvlref.online/BISH/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Quotation.exe
Lokibot family
Downloads MZ/PE file
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext