General
-
Target
purchase order.pdf.exe
-
Size
1.4MB
-
Sample
210624-9qdnf5rm8a
-
MD5
9765acf7509b0800d88d96a629c0cc24
-
SHA1
41ca7dd1724c8a4f880c6c9094debdf3796c3c51
-
SHA256
a222f23b44ac7af5cbac74e3f60643e232ed63d8a79162d58084f5fcce5dfd52
-
SHA512
c13cfc90c81b4d22389854d5514cc6f2f4e37cec6205c52e2cf40373345963f62bb76650bcf7d67813382cb2e5aa5e88c44b2ea3d1c527a5b1d61546fc2f74a6
Static task
static1
Behavioral task
behavioral1
Sample
purchase order.pdf.exe
Resource
win7v20210410
Malware Config
Extracted
lokibot
http://63.141.228.141/32.php/3V16BrI6suXPx
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
purchase order.pdf.exe
-
Suspicious use of SetThreadContext
-