General
-
Target
INV-Impot Dos_pdf.exe
-
Size
890KB
-
Sample
210504-sxxflnhpns
-
MD5
deebff890e5a3cf56143a8e5f70c494e
-
SHA1
c48ca3466b49887848ddd36db47265fb3918ba21
-
SHA256
bd22e6fdeaeeb5047191e6b7feaeb3a152f43b20b9d464eb51add07c29a1e8de
-
SHA512
fb790cfb50b58d5100c5997a8faaafc7410d2e52e137990fc2e08358761bbe1dfe1466e2000cc464e22c6191075bdf64202af8fc24b3268875b5bec0be5203e1
Static task
static1
Behavioral task
behavioral1
Sample
INV-Impot Dos_pdf.exe
Resource
win7v20210408
Malware Config
Extracted
lokibot
https://optimize-apiv2.barantum.com/xx/Panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
INV-Impot Dos_pdf.exe
-
Size
890KB
-
MD5
deebff890e5a3cf56143a8e5f70c494e
-
SHA1
c48ca3466b49887848ddd36db47265fb3918ba21
-
SHA256
bd22e6fdeaeeb5047191e6b7feaeb3a152f43b20b9d464eb51add07c29a1e8de
-
SHA512
fb790cfb50b58d5100c5997a8faaafc7410d2e52e137990fc2e08358761bbe1dfe1466e2000cc464e22c6191075bdf64202af8fc24b3268875b5bec0be5203e1
-
Suspicious use of SetThreadContext
-