General
Target: ee85bcb8fbff0f1df135d58ab671cc467a15121e4caa314ceec51fffddd98d4b
Size: 199KB
Sample: 220521-ndr66adee3
MD5: 6f1aaa31df28e17908fe4a684fce586c
SHA1: 9e59282ee498949b297cf21925831077bf5e45f0
SHA256: ee85bcb8fbff0f1df135d58ab671cc467a15121e4caa314ceec51fffddd98d4b
SHA512: 2c365961895081f7d2ee8a6a53849029fff6b6fb07c6c6b7267df82fc2452a50e45f61540008d0353bacdd5dcf1c424c9a939f174be81d609ff44ea93dddc83e
Static task: static1
Behavioral task: behavioral1
Sample: swift_pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: swift_pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://beckhoff-th.com/kon/kon2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: swift_pdf.exe
Size: 379KB
MD5: 037ada41d7814605e44f86831bda870c
SHA1: 7b366232f409bb401cb0bfd39ba9de1cb48b6384
SHA256: 89c43fa14d007c940ad21716efe6c4ce18b38dc94a8c457138422c93697751b6
SHA512: 52e0e997d0ada0fce57c72a62d540cf70ad208fa6f5ead2eb2e47b7a7d81db96514462628b0234bf074468ed57cae847206c9cb626c3e0c976e2f57fce33d2bd
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext