General
Target: purchase order.exe
Size: 115KB
Sample: 210722-j8te9qb3kx
MD5: 825b42a0e8a4136561853772cc8bf6a4
SHA1: e6a512f7d91e467e3417145635e0b43e866c2d68
SHA256: 0bf01b361f00112f425be6120d9dd36b8943d585373e95756fc10a56cdc7c48a
SHA512: c8110a777e60f16523942eea23ebdd190e5107b4cd29cb7f4830d05c52ab07e3f09ce282d58371f3fd9afc97e5e569634d5c83e5ff4821fe760d413c943e8ef9
Static task
static1
Behavioral task
behavioral1
Sample
purchase order.exe
Resource
win7v20210410
Malware Config
Extracted
lokibot
http://185.227.139.18/dsaicosaicasdi.php/cBX7uEWjd5c0S
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
purchase order.exe
Suspicious use of SetThreadContext
-