General
Target
SHIPPMENT schedule_MAR.pdf.arj
Size
134KB
Sample
210226-7qeemvwvex
MD5
ad38cb0c12209954168a3fd00304a066
SHA1
d551924b1653af70c302926011752db57e4fecf4
SHA256
fb47f63aa76d3d93d9de692bc91961d885e320525a9ac37a917ca69570d962fa
SHA512
2be48d4f3fb2bff555586e0c995dd6df222d9819ae1a077f4bb7132ff76b770b646acd904dcd9b42e69a2f501932e3b0207214bda8930e4816ebde22ddfeec44
Static task
static1
Behavioral task
behavioral1
Sample
SHIPPMENT schedule_MAR_pdf.exe
Resource
win7v20201028
Malware Config
Extracted
lokibot
Targets
Target
SHIPPMENT schedule_MAR_pdf.exe
Size
148KB
MD5
d11cc82aa25ccf205491dfc2dc182422
SHA1
e7b78fdf8720f7ce6c473fe36cdd3054fac339b8
SHA256
8c772d9370e0553312c599e768351e56c8a8acdf4abd59cd1ea10d5a9a7f3d75
SHA512
8f13ae8b2558051c0cae3753720195cce20eb79373011f4f20821d8d3684df0ead5597cc47066de11531a4f0cb8080122747990b76a426c42b08eeaf44d74739
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext