General
Target
b8b31ce674637206b2a6c1d16a150b2c0708d3bb9240d46082f6c503ccb368ca
Size
166KB
Sample
220521-pwz56agba3
MD5
4a300a47c5b99cfe5614af5fea152ba5
SHA1
85044358f9e7e7f5dc443435e5f0ef3d279b950c
SHA256
b8b31ce674637206b2a6c1d16a150b2c0708d3bb9240d46082f6c503ccb368ca
SHA512
2ae19cb67f0f9f013d834ecb646c7e068f136d86f08d09877b20a103f7912ff35f9e3991b4b909d9b6b324bb03151c878e85aad482b580dc979ab0489b4cf282
Static task
static1
Behavioral task
behavioral1
Sample
Attached Documents FYV#03072020_pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Attached Documents FYV#03072020_pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
Targets
Target
Attached Documents FYV#03072020_pdf.exe
Size
238KB
MD5
2de18e056d0dbe3acc539bdbd2479168
SHA1
dd531391fa0f082ea866e9bcfef6b6a244a3f987
SHA256
f2928aee1a9d89b026c0fbb75b913ad0613aa48c4539bebbc8c89e8be1ad0365
SHA512
8ba8cb51a8b912d53319ea9e8f1cd64c133744e0600d32e00a3ac7e0b8b987ffd30e6fd22ed7ad78899e0060e3ffbc7df411dfb0f71162f807f8792e3f15fc23
Score 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext