General
-
Target
84e0438826a95865f0c61bb632ebcc984038cdf2efb505e475cd314b8531aad4
-
Size
286KB
-
Sample
220521-nex4ssggal
-
MD5
6509821ed23a75328ef3e6ab14c34bc1
-
SHA1
5bfbf8022b7614548ada05acb73799f0a5456357
-
SHA256
84e0438826a95865f0c61bb632ebcc984038cdf2efb505e475cd314b8531aad4
-
SHA512
cb8ec5c2c2fd74a933d7e6d4dc4ed80766f05e937c00fbbb64145375f037215f0c5a09b05a9bb82e3292ac0f4662288083cd9d3f4988176a19f0517c8ecda42d
Static task
static1
Behavioral task
behavioral1
Sample
Scanconfidentail_file_pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Scanconfidentail_file_pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://mito--cn.com/kaka/kaka1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
Scanconfidentail_file_pdf.exe
-
Size
448KB
-
MD5
a55c86d487b41113ed29d2e9d9b769bb
-
SHA1
1e0219c5fdda0f6f1d33fd121a106b53bf7240ce
-
SHA256
16236af6a2deae7c6767f5f5ea20c3a485bd8d2ca966e9f861b711852ec6bf62
-
SHA512
0470a293f0a9b23e95c9d8014aee9d50204510ca3c89d673fcaed89abece119a8b68fe1eac936c45a5122cdac08ad52aacefab201792ea3b2529d032ec17c8cf
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-