General
-
Target
payment copy.exe
-
Size
723KB
-
Sample
210722-zay4k72zma
-
MD5
95b543d7b6fc8250e6d356f6c5797311
-
SHA1
b66f8a01bfffc396b0fd8e2136636de468663d70
-
SHA256
faa6f5e68119576f62ec4865fc4aecc2aa301560c33f508650b8aa6be54cf7dd
-
SHA512
a669a32a9f96b03774e38e9c0b88af73637cdfe01439997671c62120f9af48136d6666d83a927c66db0aaed3c427d1cfdfc02c76afbd56c6418fac7ced27dce7
Static task
static1
Behavioral task
behavioral1
Sample
payment copy.exe
Resource
win7v20210410
Malware Config
Extracted
lokibot
http://abixmaly.duckdns.org/binge/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
payment copy.exe
-
Suspicious use of SetThreadContext
-