General
Target: Invoice-7005123.scr
Size: 429KB
Sample: 210421-g1rn6dj89s
MD5: 6c365e31b3349b4f5c58faf788c819bf
SHA1: 5e4aa21fd51a9096902aa23c821ae42704550074
SHA256: 99cf59c32e63c462f895449382f0243085f4a85f482b325d9457149bc7cfadd7
SHA512: ad0a4da38a211279b5f35ddfb82626ffab112630846c7149ca7aabcb73a761492de2a6481c2cfed1107f34551aba1e75ab2b764f78fd79ff7828c1401e1990fc
Static task: static1
Behavioral task: behavioral1
Sample: Invoice-7005123.scr
Resource: win7v20210410
Malware Config
Extracted
lokibot
https://yarpa.lt/money/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Invoice-7005123.scr
Suspicious use of SetThreadContext