General
-
Target
0f1297343dfe9063e2521071b8901243a317a182dbe513d4bf0e98f12064ad88
-
Size
446KB
-
Sample
220521-nce57sgefr
-
MD5
6e59e5d41380e1ffe6c19a249ac9d61a
-
SHA1
e1ef5898c2c1c0642f6708df112174879cdaceaf
-
SHA256
0f1297343dfe9063e2521071b8901243a317a182dbe513d4bf0e98f12064ad88
-
SHA512
de02df997004554198dd1cd65c3a5e7b3237849cd1408e1b51827e12d45ab7e665787193e9852d722684cce6c557edf13e3ee82194d73297a4a73325ab37b54b
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PAYMENT.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
Targets
-
-
Target
PAYMENT.exe
-
Size
505KB
-
MD5
f673e075820eb6bc17c5a986335c4cc7
-
SHA1
e927750ce61d24cb120570ce90d24820eced03d6
-
SHA256
e2475ed36f6c04d8960ee27ebb3a0bc7f3148b2e780c948958920c554699267b
-
SHA512
554f0dbf37bafad6525907792053b794940dcd66784ed307ad9643c1a594879ca96b362f1085edc0ddcb34b580aca1457ddcbc0fe5183d9663a8011b2b285a00
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-