General
-
Target
0ab9857c799e33958581ad7b2b0a4e03e89e9f0ebfe204387fee5ed647ebd78f
-
Size
435KB
-
Sample
220521-pzezdsbecl
-
MD5
ae70197c6e165f8072edf22eb00962fb
-
SHA1
8aad6836f3868b686fd41e53c0fc5583a0dd5056
-
SHA256
0ab9857c799e33958581ad7b2b0a4e03e89e9f0ebfe204387fee5ed647ebd78f
-
SHA512
b3699cb4d4476910d55242d1b19fc2b606eb7e1eaf5a5c5f919f4f7117769b056d474c98c67c8f3b93a4f0c425f1d39644bad7db2fd381652998049e2b2cdebb
Static task
static1
Behavioral task
behavioral1
Sample
DOC-SCAN11713_pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DOC-SCAN11713_pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://brokenbones.ml/Colba1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
DOC-SCAN11713_pdf.exe
-
Size
782KB
-
MD5
f0dc7ded13463bae07d94e666ede8b50
-
SHA1
1492e598b68aef272bbf980461f1940457127aa7
-
SHA256
4e7bca2dd3a61213bdc031709099133300e2dbaf3d5ba79b63e12daa54225367
-
SHA512
d974c87feb8aa6ea96dc800e2d7aa0cc4b2c04a59c9ecbba77cbacda4ed6543a55013e1901e48e0dd7f170f068f41e5c5411382a279658d92a8dcb2a0a84353c
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-