General
Target
Purchase Order-020POR040557 (2).tar.gz
Size
701KB
Sample
210624-hqqnfzahfe
MD5
a76e53c90c68a07d2e8de74ede9ca8ae
SHA1
8a8d06075c9edc3ab71cdb3027a16869ec2887eb
SHA256
cd499605957e1ce791085b9f9d0f0d14ef7431404db88f06af6fa7f3fd34f16f
SHA512
aee9b109d6dba00fedf488b99170debb145df72c7212725312a3ba713e2a59a61f994e07a44e11eab9b1b4a92cee67fedc0cd2e9d22e86d4bac4a461a29ff5ba
Static task
static1
Behavioral task
behavioral1
Sample
79f082d15ba41f011bde45960cd32cbc.exe
Resource
win7v20210408
Malware Config
Extracted
lokibot
http://63.141.228.141/32.php/vkuep8Jt3rHQ5
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
79f082d15ba41f011bde45960cd32cbc.exe
Size
1.1MB
MD5
f1f80c57e5849f51d9fb3c519697826a
SHA1
69cda29c89885b0c798362952f71fbe2fc9038f5
SHA256
93ac78a024d6a0554a492cf2614ff7f75f12763b220980ad35b0a5c2994fcac7
SHA512
b76a797fe4b1561e850229ac8041c625a4b3c20ca9eebf9893961872aa61f5682e1458db3f276d5f2791d82dd0163246572a0f454224e340389d82f6da74baee
Suspicious use of SetThreadContext