General
Target: Tender_documents_FOB_Offer_Printout.PDF.exe
Size: 265KB
Sample: 210118-qanh15mz8s
MD5: db221431cd00dc461f08bf4e89dee05f
SHA1: 575eba3bcdf274fd96109f273cd40308acb434ed
SHA256: 8dc40254d25fe9f5feaba5a224d55c8a2843fc511014e318a2a4ddabfaeeabb6
SHA512: ede66d8416ecf52949c0d35c95c66ff7ea4c666a0e205ea74c06e0e4dfb76d555dc94267d1900c8994288c96c7ba7a1d6c0d3b695be3013059cc5d2299225366
Static task: static1
Behavioral task: behavioral1
Sample: Tender_documents_FOB_Offer_Printout.PDF.exe
Resource: win7v20201028
Malware Config
Extracted
lokibot
http://23.238.43.43/bb/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Tender_documents_FOB_Offer_Printout.PDF.exe
Suspicious use of SetThreadContext