General
Target: 48290438a9422960ffc63c428a9645de43d2a9a0cda9f35b0d37ac32a232ccc7
Size: 959KB
Sample: 220521-w8avcsedfj
MD5: acbde86c9bef655fef24a316a7ee0bc8
SHA1: 2fe466bd440755c566d0155449c596a47ab537ec
SHA256: 48290438a9422960ffc63c428a9645de43d2a9a0cda9f35b0d37ac32a232ccc7
SHA512: c54c9d327235a002bcd26f2011eb456d22331a0e4817a04927dec0b7224bb1b78480af022dd0f3db20a31ca3e9bf18acf18ce6b9996e28e9e6349a2f087b7380
Static task: static1
Behavioral task: behavioral1
Sample: IMG6690-05-2020 BANK ORDER SCAN COPIES.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: IMG6690-05-2020 BANK ORDER SCAN COPIES.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://mecharnise.ir/da9/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: IMG6690-05-2020 BANK ORDER SCAN COPIES.exe
Size: 1.4MB
MD5: 487def2d050ef8844a197e363c931f0b
SHA1: d03cc28af3ca143ef308bb8bbf11bdfa76b8118c
SHA256: 77acad55f36e96de7a8d2d37abc8faee5795196c67a89ae0b283f9076ea45c51
SHA512: 588d43bf39b57a88f3425759245b29513e2d2bef8e9fd6bf678a11a9383de4270fa96e364dd0103484b3cc2851e08b9c76d717c09627373e65cdb38cd0acc945
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext