General
-
Target
81ed0bde4f59ed3f28745d29e08cdea0bb9f096662476710f910173fc6376311
-
Size
191KB
-
Sample
220521-pv5z1sgaf5
-
MD5
23347b698217d1f9122010e41ef00dcc
-
SHA1
c83bc0c5f24c254a840bb4278458290709f05fd5
-
SHA256
81ed0bde4f59ed3f28745d29e08cdea0bb9f096662476710f910173fc6376311
-
SHA512
f01e29c7d27fcb83c8cc9bb2690a7ce9c0a2b45d06dd6e595c704b91af81c81c4741b3b8472bf096e7252928faffbbf650ac2998141f8e4dc70cf43161f22ad1
Static task
static1
Behavioral task
behavioral1
Sample
Swift Doc.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Swift Doc.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://beckhoff-th.com/kon/kon2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
Swift Doc.exe
-
Size
281KB
-
MD5
6d5dbefe732e62fb5164fead6af6a887
-
SHA1
b3f19fa125a3e4f418a287f63f6b85e751c43396
-
SHA256
ca9be111c1e10b81ab16b5434474f09085c62d8d592fce7e79810aef284a675e
-
SHA512
d5ef89ccdc6db1898364243bc07771e442f5cc69518ea6f256706e7603d72cb813ec466fac23dd76c4ecde4072d82c9a60c89e1d9985c064780549aa2a242fed
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-