General
-
Target
TRANSFER.EXE
-
Size
1.4MB
-
Sample
220805-hw3gysgch8
-
MD5
6153ed96a83ceea98dbae09e7b77fcf6
-
SHA1
7f9a6ce71969ef0eb7deeafed635a127f23e37a8
-
SHA256
08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e
-
SHA512
189317086da1cad38db31b7a791a3a9c34dd551245e1ff4f74563429b17a33485e8ce5fff48e0cfef09d1034b2c7a953dfeeed75636d61ddaf110137a298a701
Static task
static1
Behavioral task
behavioral1
Sample
TRANSFER.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
TRANSFER.exe
Resource
win10v2004-20220722-en
Malware Config
Extracted
lokibot
http://sempersim.su/gi4/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
TRANSFER.EXE
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-