General
Target: b7a871eabe5109e34637c1b87e93a314f8593d54c11ddca98dd80124815fda8a
Size: 133KB
Sample: 220521-ptefnsgaa5
MD5: 3269cf96d94c54a2622c679791eb560f
SHA1: b18f654fc9276363ba6da72f3567a5ffead43b25
SHA256: b7a871eabe5109e34637c1b87e93a314f8593d54c11ddca98dd80124815fda8a
SHA512: c544beffff88402bb23fc185279df822834e053b31f03eeb0839b72582529223a73f73a9a779ccb501d9ce575cc8f127ac3c3294e8714ba4edeebb9d8535c734

Static task: static1

Behavioral task: behavioral1
Sample: RFQ#633026017_pdf.r00.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: RFQ#633026017_pdf.r00.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted
lokibot
http://198.23.200.239/~boxing/.tcsogb/cf.php/ERV13vpAA78rj
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php

Targets
Target: RFQ#633026017_pdf.r00.exe
Size: 301KB
MD5: b2fdfa0eed53c2c9f5c4c04f4a8227c0
SHA1: a868d33405599169dc276e38c75475c5cc89c353
SHA256: e0ab8e88ccd536d46709ed1434bd5f42adab436113456e48e2694b53419d4e7c
SHA512: 0140b5d483b9d35c2a6aee1bff97f240005d964399ee7e3c46c60fa552f2214f92e7c2c24bc7f4ba3c416a4ef04702cf9e2c2dbe940d44c6bd830286ff46734d

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext