General
Target
a89e368ecf059536c57d4585fced393df12f198f037f6340207c3ef2fb57465f
Size
1.2MB
Sample
220521-w76weabbc9
MD5
a0de3a2de4dde7a111596f782fad1cd7
SHA1
3c9086a3726928fe213b43c88f8beed4ef561951
SHA256
a89e368ecf059536c57d4585fced393df12f198f037f6340207c3ef2fb57465f
SHA512
9f4e08bd22fb001541d10c64066570dc508699f03ff724eee1bcb9f996f5c284ea2d5cd48988497b34b74a403127f51a24bc561ae88b8e6bb83b2b975333b268
Static task
static1
Behavioral task
behavioral1
Sample
IMG_005938582857265224_PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
IMG_005938582857265224_PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://maylnk.ml/DBY/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
IMG_005938582857265224_PDF.exe
Size
1.1MB
MD5
d7c1ca09e276d5537b917d2720124da4
SHA1
f8d7f6ef12b411869ce765eead978cf74e411038
SHA256
d1dd81a8c2880316c78b739876ef8faa6c15b504dcf83859a291dddc774e5097
SHA512
15ba0360308eb2cb7204b45129f38e00d4dd36ab3d258ffdb7a465db3cc9fb788847983ffe38ee3d721bd5012224519138519533d2a45b35cd97e6f08ea57c32
Score
10/10
Drops startup file
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext