General
Target: IMG_06177.pdf.exe
Size: 1.0MB
Sample: 210118-arfkmjvjwe
MD5: 00e8b11be61ae93f35355515b7ceb8cf
SHA1: 9be71f9666a69f866ff6ddc38fe1d3f5db872643
SHA256: 4bb974d690e775a23b6b907a22614c47dc88e7b47d0ac0811e53e4bbe0c85f68
SHA512: 476dc7892edf997d4b66bb162930aeae8deb483380f49b7aa24dcaf935fbb10af6ec2e81fcd709f49bfd41e1b0aae7360dd17ba89ad4322e0d25376fc24c3dd5
Static task: static1
Behavioral task: behavioral1
Sample: IMG_06177.pdf.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: IMG_06177.pdf.exe
Resource: win10v20201028
Malware Config
Extracted
lokibot
http://185.206.215.56/r-1/cgi.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: IMG_06177.pdf.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext