General
Target: facturas y datos bancarios.PDF.exe
Size: 938KB
Sample: 210623-ph2aztt6pj
MD5: 161bad09eb7a977f3a91f217fa75bafd
SHA1: 55856a0d2957b1ae398fbbc376ca8480e86a8a07
SHA256: 4771e0a4c826a5da4492a575acd2f48fa152f549d40d873f863cf9d97b8418fc
SHA512: 5535dc09501c0e85dc289f804dfc433f882c91601c38a41867bdeebbc62b01f02a7af1460dddf1665a0f1bc32a2e0b90f802ca59a8beeb7384cebc3f31445c85
Static task: static1
Behavioral task: behavioral1
Sample: facturas y datos bancarios.PDF.exe
Resource: win7v20210408
Malware Config
Extracted
lokibot
http://63.141.228.141/32.php/FXsbYX1K4uTzS
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: facturas y datos bancarios.PDF.exe
Suspicious use of SetThreadContext