General
Target: shipping documentpdf.exe
Size: 747KB
Sample: 210810-bc1p4h17jx
MD5: 63daf591a4338cdf51c53fc63b2a66e4
SHA1: e9c8d30554f84827229461c5e54a1c3e0c0c7f22
SHA256: 1cf9b819c1ad4771f76ba564223d010bd1eff0f396810dd48b1e3df4eeedca50
SHA512: f04955f654c354ddeb4dbb339cf32c623c8f4d040272a03097248945891d1c766d9aa697ea49eeece023f0684d1411299b7fcf7513459ecb1134933e58ae100f
Static task: static1
Behavioral task: behavioral1
Sample: shipping documentpdf.exe
Resource: win7v20210410
Malware Config
Extracted
lokibot
http://manvim.co/fd16/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Suspicious use of SetThreadContext
-