General
Target: 6ee65849874d77cd3d30b49fd035cf2768c91d8c504ecfc45a09c5aa74fe73a5
Size: 172KB
Sample: 220521-pkgjnsaffk
MD5: 4be2821e9acda5b04947558c56e1a02a
SHA1: dc2f3cfba2bacfaf8ac907e8f19a17f25cc91020
SHA256: 6ee65849874d77cd3d30b49fd035cf2768c91d8c504ecfc45a09c5aa74fe73a5
SHA512: 0856dc946072296f9c9579af9319f479c969590f19a2b039b8090109230ac2ea97c9347c3cd3f098deedf6e31876fe69879fc55b19193f58dbe6db4c7dbba991
Static task: static1

Behavioral task: behavioral1
Sample: 6ee65849874d77cd3d30b49fd035cf2768c91d8c504ecfc45a09c5aa74fe73a5.zip
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 6ee65849874d77cd3d30b49fd035cf2768c91d8c504ecfc45a09c5aa74fe73a5.zip
Resource: win10v2004-20220414-en

Behavioral task: behavioral3
Sample: Payment Voucher.exe
Resource: win7-20220414-en

Behavioral task: behavioral4
Sample: Payment Voucher.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted
lokibot
http://beckhoff-th.com/kon/kon2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets

Target: 6ee65849874d77cd3d30b49fd035cf2768c91d8c504ecfc45a09c5aa74fe73a5
Size: 172KB
MD5: 4be2821e9acda5b04947558c56e1a02a
SHA1: dc2f3cfba2bacfaf8ac907e8f19a17f25cc91020
SHA256: 6ee65849874d77cd3d30b49fd035cf2768c91d8c504ecfc45a09c5aa74fe73a5
SHA512: 0856dc946072296f9c9579af9319f479c969590f19a2b039b8090109230ac2ea97c9347c3cd3f098deedf6e31876fe69879fc55b19193f58dbe6db4c7dbba991
Score: 1/10

Target: Payment Voucher.exe
Size: 234KB
MD5: d3670baf7b70a0b46814c64cf17b01ea
SHA1: cb2529aa98427da02b2d307a108fef16e9f714f4
SHA256: f592cac023e092bd5042eeaa7d2820ca72a3405e9288fdae0cd8c537dca39129
SHA512: d9132e306c72bdcee3056a13ac129898ac691371afc73e87effd20723936bb7dea49d4bf4cf2b00ea254118e2f0b87a0567f9cd8372655e09b88f69a95460db5
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext