General
Target
shipping_doc_pdf.exe
Size
265KB
Sample
210118-5zd7h2l63e
MD5
ce4d5c2cc963dcf05eadafc79fd439fb
SHA1
d27589b72734fa916d47751bf8b13585ec117a11
SHA256
a378693f6aef81066fd09e58b29e5dc3190f3aea614b4518589a7a07291b14a2
SHA512
08171a620695b88dae3c9189c56df03d1b60752ce1c5d54d5a785c2c9f143dcf673eea6a2f3009cb49328bf2087b5b6d5d07b49c9738ccbe5db9cd668f5e77b9
Static task
static1
Behavioral task
behavioral1
Sample
shipping_doc_pdf.exe
Resource
win7v20201028
Malware Config
Extracted
lokibot
http://mannaton.com/zoro/zoro3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
shipping_doc_pdf.exe
Suspicious use of SetThreadContext