General
Target: newcrypted_pdf (1).exe
Size: 230KB
Sample: 210115-c31m4w7q6n
MD5: edcd73cd31d65ab21fcc529b735e6f6a
SHA1: c8ca44191eea0a18de12b74867921e10dd17a243
SHA256: 7c543362b23c8618d029f1fff5185c8af6adaaa3a6f358d4c8415e8e71ae7818
SHA512: 05f86a1d094e11b418c03f3ed81fc47ee6c3bceb978404ef36ffdc5b406c26132d2fa1fe61c54aa23027be1e2113b526e9c6a86903f70d16b915b8be5a6cf717
Static task: static1
Behavioral task: behavioral1
Sample: newcrypted_pdf (1).exe
Resource: win7v20201028
Malware Config
Extracted
lokibot
http://51.195.53.221/p.php/SczbkxCQZQyVr
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: newcrypted_pdf (1).exe
Suspicious use of SetThreadContext