General
Target
deecf3da7331b5a8d2c5c6d5e71f634d0e7850c3c471e1f92c75ea073abe5c1e
Size
213KB
Sample
220520-3n27facbej
MD5
579c6daa583702c353897fc296a3389c
SHA1
04264ce61b921acd590d91c581b88741081015c3
SHA256
deecf3da7331b5a8d2c5c6d5e71f634d0e7850c3c471e1f92c75ea073abe5c1e
SHA512
4af38174108537a83a24eba3d7f68cd33d75115fcf725006a847399d972f79862698e56aa6a15716d30d89fdc3154950eb277bef26fc256835482e9c014091f2
Static task
static1
Behavioral task
behavioral1
Sample
payslip_422.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
payslip_422.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
Targets
Target
payslip_422.exe
Size
373KB
MD5
1e3d55f211b2ad55a39712cd1c06ee35
SHA1
743ebab116fc5a601e878542a15f9d23267a8755
SHA256
5c5408db84b06949b9aae7b528ad603bf17615ceac0aba3cd79cc92ed77b8163
SHA512
8ec31df3dd9a80a5e1d586eabd39477f2e826670b07de18460d1ee839001941a499f1f1e1b0a1433576be682116b6aa53a34997ba4035d63411ade9bf92aa2f5
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext