General
Target: PEMBAYARAN COPY TT_.exe
Size: 444KB
Sample: 210623-yybwjrkn2x
MD5: a83a72f803d6fab68427f23f309e3022
SHA1: 93db2e48acf2d32c2037f6d1f9697fae52566565
SHA256: 17eac9b848711f3464eb21c8690c40ea3adfab56a98fff0741c30740298600da
SHA512: 553f3efdb1221373f301af8521d541de32de6e037e2318dc623d92bf3072223bcc690038712e29f67a318d3a401871c70d71e5341b82656454aeb6f1a2ada877
Static task: static1
Behavioral task: behavioral1
Sample: PEMBAYARAN COPY TT_.exe
Resource: win7v20210410
Malware Config
Extracted
lokibot
http://63.141.228.141/32.php/Uo2Q8E3IZNLpA
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: PEMBAYARAN COPY TT_.exe
Suspicious use of SetThreadContext