General
Target
SOA_PDF.gz
Size
160KB
Sample
210226-t2tjxee9js
MD5
6920dc381b371d9632a44f1d287e8f86
SHA1
300c64a07f26f0329ef411144a6e367f958c353a
SHA256
b2282e530e6d31d18be45e07cb8886859c855288e180426624637d096edf38ff
SHA512
32e766966a3f95386097706b85e0aa12fdd111b69cff35a268d45cca8525cba04ef026f31289ed347d11274e5e029a5aa137632d4747c1b5c4192ccca7b204de
Static task
static1
Behavioral task
behavioral1
Sample
o.exe
Resource
win7v20201028
Malware Config
Extracted
lokibot
http://51.195.53.221/p.php/iJWEYVJs28SOm
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
o.exe
Size
321KB
MD5
6c0ac5e2deeab09dea5f2d5c8e07fdb6
SHA1
ce19bf855d5b7d90c237e6e9ec9f0e0092b22d7a
SHA256
d471d9e0eb791d813362f234522fc410e3de7294fde31bd14d9b42637bf70196
SHA512
cf179865349a22df6007c4b79d5720b75cbbd9ec873fbb3bd34856a428e8fb474ce4c385f9ad40da676bf809e459e1f5ee997df1f97eadfafa0cecad354aae93
Loads dropped DLL
Suspicious use of SetThreadContext