General
Target: P.O-406252JSCTEFVILTEDA.exe
Size: 323KB
Sample: 210624-81kn8l8kya
MD5: 9dadb67e63bfbc1ed06ae66f9d8b4a6b
SHA1: 4cb095c0a0bf8a22759cc9c0117d30f6f0435f75
SHA256: 573a2b0730e4da202bbd486ceaf7cf0b9cea7d2ca1a07448ec41e06e419bc104
SHA512: 705d38154d49c1118625b3096c9b3953d6479cc30893b4b4a4c13acdca4812700a52038cc5ec41cd922a78cb3e4a9ee792720e6502cb00d988972a66189e6110
Static task: static1
Behavioral task: behavioral1
Sample: P.O-406252JSCTEFVILTEDA.exe
Resource: win7v20210410
Malware Config
Extracted
lokibot
http://es02.xyz/w2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: P.O-406252JSCTEFVILTEDA.exe
Loads dropped DLL
Suspicious use of SetThreadContext