General
-
Target
QUOTATION22110577.exe
-
Size
394KB
-
Sample
201126-1p8wlke372
-
MD5
025c9e5be7bf95f51225106ef7e7f7b9
-
SHA1
c080a077177bd72e4e05d6edba282b7ca5b026e2
-
SHA256
d346086418bbd48dabcfb8ea48bad551ec66d79c3c0a2e198cd3a1083a80057f
-
SHA512
9564652112dc3f13dee4ffbc49f2dce62a2dfc17e0698d216f408253531867579af29f3b62b6cd0419d7cacaa67f65aafd52c9d2f3a833455532aa26f8310817
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION22110577.exe
Resource
win7v20201028
Malware Config
Extracted
lokibot
http://greenitylogistics.com/scss/bootstrap/mixinss/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
QUOTATION22110577.exe
-
Size
394KB
-
MD5
025c9e5be7bf95f51225106ef7e7f7b9
-
SHA1
c080a077177bd72e4e05d6edba282b7ca5b026e2
-
SHA256
d346086418bbd48dabcfb8ea48bad551ec66d79c3c0a2e198cd3a1083a80057f
-
SHA512
9564652112dc3f13dee4ffbc49f2dce62a2dfc17e0698d216f408253531867579af29f3b62b6cd0419d7cacaa67f65aafd52c9d2f3a833455532aa26f8310817
-
Suspicious use of SetThreadContext
-