General
-
Target
95cc72ed53fb74ee8ebae971b9adfa7a22c0f33c079fa26c444146309e6e2b27
-
Size
758KB
-
Sample
220521-w8hvzabbe8
-
MD5
d1cf52b6438ac6cb7699495655fcf279
-
SHA1
b9bd9bb2e4bcc894718036909179b846b6611e6e
-
SHA256
95cc72ed53fb74ee8ebae971b9adfa7a22c0f33c079fa26c444146309e6e2b27
-
SHA512
11ed3980d119cf29724b75d81c284dd706eacdd4b0a196132dad6cce21a40078840d7d7d2c1817f250419e47acfd32ab3e4ed452836234558d3190b64213fe78
Static task
static1
Behavioral task
behavioral1
Sample
NEW PURCHASE ORDER FOR SHIPMENT_pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
NEW PURCHASE ORDER FOR SHIPMENT_pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://attlogistics-vn.com/first/chief2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
NEW PURCHASE ORDER FOR SHIPMENT_pdf.exe
-
Size
1.2MB
-
MD5
1414eb6711ddc866d03a55ed1736913b
-
SHA1
44315cfa8aabaee5e413dbe179fb81acee04b57a
-
SHA256
5b5e5f3fa52d158a148ad8dd2dc47569c0a95bd9f3d2d0fb8b8f1bf98b64ec74
-
SHA512
de701d6e9da4c794f78cafe9a6d7730afcfdf84809f9b80360f507b1284b93e1879e31e9caa17a2b80af0f26a39a7f5fbfe78f752d777aebb5a9fcdcce183313
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-