General
Target: RFQ2598HDOPDF.exe
Size: 641KB
Sample: 210624-x46kkmlrvx
MD5: 14cb2e30f01cad5ef47c622a4fc2e147
SHA1: 010e92b23d9a3c4c42786d78748a2bee094926ab
SHA256: dfd6646d16dce4899cf47affa2d22b58ad515146ba71f3583a8f1d0c9cca4cc5
SHA512: c1b5e4d932d7a80ea6cdfc535d5ec4c1aaf60cb34a4ff3fbe4b874152de883001e3481371fc79ca8d971052e85c0241fed2fce80ba0b1ec254b88d22d6a4f5e4
Static task: static1
Behavioral task: behavioral1
Sample: RFQ2598HDOPDF.exe
Resource: win7v20210408
Malware Config
Extracted
lokibot
http://apponline97.ir/china/Panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: RFQ2598HDOPDF.exe
Suspicious use of SetThreadContext