General
Target: EF38590A523E08F62162A2A72C3C8A2FEEC903676CE4CBCE511B04E4CE8E3E40
Size: 945KB
Sample: 250220-atrzfasnhk
MD5: 6bf7f7fe6bf19076a75058586aaf4801
SHA1: 26c37bfb14bc3333f8a47227b67c2e3a3b56bf0f
SHA256: ef38590a523e08f62162a2a72c3c8a2feec903676ce4cbce511b04e4ce8e3e40
SHA512: 7daf241aefba34a15ce97642b27c78ff332d89f2c96ddb580e7207018e314a760e5e0b5002b5eec6ef7b8111783df2bced4c8592bb0f6f8c46359ba291764955
SSDEEP: 24576:hu6J33O0c+JY5UZ+XC0kGso6FaH9gvo4b+WY:zu0c++OCvkGs9FaH9gvo8Y
Static task
static1
Malware Config
Extracted
lokibot
http://royalsailtravel.ru/Sacc/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Lokibot family
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext