General
Target: DocumentosSantander.PDF.bat.exe
Size: 656KB
Sample: 210504-xssehqnzbx
MD5: efac0baa095bf155fde379c3b180f5e1
SHA1: 6dc40192cd8424a04c446fc458475eb03b37c2ed
SHA256: 8bf2fb9f4686b128f0ecf8c5512fca579317147575eef3c6f423e5280dd751c0
SHA512: dcef78baacfc92889e717680fdb09936224ee154341eeb8f0360cf0b468480c516361a0f9ef39eb32fde7afadd717d8011090522af29acf307afe55b5c2855d9
Static task: static1
Behavioral task: behavioral1
Sample: DocumentosSantander.PDF.bat.exe
Resource: win7v20210410
Malware Config
Extracted
lokibot
http://173.208.204.37/k.php/LY0xuvgkjMA3b
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Suspicious use of SetThreadContext