General
-
Target
Shipping Documents.img .exe
-
Size
679KB
-
Sample
210624-flmn1v2q42
-
MD5
7d9fce60f332861fcd2260803f10e0eb
-
SHA1
5c011889f04c46a7e49c740c959efd1d722d65d6
-
SHA256
d8073b80ab8800400dd1a78ebe8cf04e87ca119e0aff49307956fe3cf13bd772
-
SHA512
e2bda565f202badf3a82be01101d63066fa736e40703dfd8df593c18279963dd8e4075654c5e904867bf74a908a5accf4ad3e2d3b5edb509aa88343905952d14
Static task
static1
Behavioral task
behavioral1
Sample
Shipping Documents.img .exe
Resource
win7v20210410
Malware Config
Extracted
lokibot
http://63.141.228.141/32.php/5mGrB9x77E21g
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Shipping Documents.img .exe
-
Size
679KB
-
MD5
7d9fce60f332861fcd2260803f10e0eb
-
SHA1
5c011889f04c46a7e49c740c959efd1d722d65d6
-
SHA256
d8073b80ab8800400dd1a78ebe8cf04e87ca119e0aff49307956fe3cf13bd772
-
SHA512
e2bda565f202badf3a82be01101d63066fa736e40703dfd8df593c18279963dd8e4075654c5e904867bf74a908a5accf4ad3e2d3b5edb509aa88343905952d14
-
Suspicious use of SetThreadContext
-