General
-
Target
IMG_50617.pdf.exe
-
Size
1.0MB
-
Sample
210118-fflga99fsa
-
MD5
32a192ebfa3cda2c1b161d48886d152f
-
SHA1
9e36a01df4d0b3f27a409d1e743037854872fa69
-
SHA256
58eddddb217d2439b4c23060412039bca6f9a3e52fc83e3f7e4dbd5e62bfc611
-
SHA512
1f4382050d9de2ba12addee135de22097b4269975d62e1c0055022aa8d3d234afada4da0dc2f923eb76ad50383e105db4dfe86f42b20b766afcf4bbe477a148b
Static task
static1
Behavioral task
behavioral1
Sample
IMG_50617.pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
IMG_50617.pdf.exe
Resource
win10v20201028
Malware Config
Extracted
lokibot
http://185.206.215.56/morx/1/cgi.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
IMG_50617.pdf.exe
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-