General
-
Target
6751351576756224.zip
-
Size
933KB
-
Sample
210623-s148r4fj92
-
MD5
950e9542dcc98a7ef6decb2db2996c54
-
SHA1
811505ad3c7ffee7d5648111888c14be634d3105
-
SHA256
cea60a27be9fe0fff2ea76e0a699afd8a70b226421685ca3ecf03a5278eeafba
-
SHA512
bb125af01b0a7062716e798072ba214b4fb55216fe47259c30b1a4301935fc19d293073c1ae0b63ce81ff562ec36c67371b1a3a5f2206a23ed8e69cddff2e8aa
Static task
static1
Behavioral task
behavioral1
Sample
file_23.exe
Resource
win7v20210410
Malware Config
Extracted
lokibot
http://63.141.228.141/32.php/3LJAZguIGMmJV
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
file_23.exe
-
Size
1.2MB
-
MD5
21be3dd0acf1487d7158041c01d33536
-
SHA1
8b0027fd706fa3c335f7c9214552cd30e3206a97
-
SHA256
8d45f0ac44e360afcbb0032a4461669fc5068b50a838bc7dde632f0c5a3dddf9
-
SHA512
207a1e6bf2bd3422bf638f72d72ca3dc65739dd26d9efd5e2da32f92dfd6c6a8eb245b58bde39717e43cdc831d4e271958bb5d934a732aefebf42a54f90d489c
-
Suspicious use of SetThreadContext
-