General
Target: 82c03a6ad7623a1d70ce197bb70546551ca0501afec4a36b526b75c972b2901f
Size: 601KB
Sample: 210728-2ymn7x84xn
MD5: bfefad6e1a3d9e9c822b9776139b704c
SHA1: 7af351561a4c556bf6a2c1dc34461e25969fa69d
SHA256: 82c03a6ad7623a1d70ce197bb70546551ca0501afec4a36b526b75c972b2901f
SHA512: 5a06ef9614373ea3360c15658fa10112f73e10a9de1682a6faa975613083131124cb17f03bd9f7da8c9c615b680093e07747f4c18edfe1679c4aae0d0c1f4bb0
Static task
static1
Malware Config
Extracted
lokibot
http://manvim.co/com/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: INV#202170607#SGNBM4809600#BL_pdf.exe
Size: 1.0MB
MD5: f8a2560749f06673e66153403b53139f
SHA1: c47cfacf830a6c0782749e1ecb3a44e4d2f42f10
SHA256: db13717fdf4d8f392e93c6510569cf06bcd9f727d672fc1d7787c06ae6d3033b
SHA512: 17356c01e540560e95ddc4be07371632c587187857c6dcaf32aba2d618e147c4cedf6ee335e8e71193eba9e81ba6aa69d60986c58ece28eff4d6329ff8d41c30
Suspicious use of SetThreadContext