General
-
Target
附件訂單 PO-21112302.zip
-
Size
414KB
-
Sample
211202-j3s3jagbf3
-
MD5
4cd6df2b5224f44358575a12ed7faaa6
-
SHA1
a50a277e50318bb56da814d3c115ecbbba920603
-
SHA256
cf105f359eeab363cf1fa8f3d93f1c55bce937927d84df5eb621ac78ea046506
-
SHA512
6d23eed28e88ab94e63009e20b360d07974f988c125746b2ec15dc3f4bf8ff17c811dad70899514959e725c37ef72fa6dff81074b7987b9f2c64ee2a80a4af28
Static task
static1
Behavioral task
behavioral1
Sample
???? PO-21112302.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
???? PO-21112302.exe
Resource
win10-en-20211104
Malware Config
Extracted
lokibot
http://secure01-redirect.net/gb17/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
???? PO-21112302.exe
-
Size
528KB
-
MD5
690b6e21fea73fa4bb6b1984957d2342
-
SHA1
c63aa497e85d9093a01c70486b3c99826c70074c
-
SHA256
fb58486744862437fbcbe4acc9cce0fc5727e253686ad0e495c82e827017c99c
-
SHA512
0f4481f272d0977b6822f6909088870346e1d37a614e4cc478349257345d26e40048adba65c2cb8214d67edda1cb2ddc8e236ee3446a92d015d195709ee2b1fc
Score
10/10
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-