General

Target: 495e88db7f79e4930611aa0647ee42b806a7112b211546639e16dec2ebbac21b
Size: 616KB
Sample: 220521-w8k1bsedgk
MD5: 07578f047c179095dd7c564c3872cdd6
SHA1: b75e2e2c818eb82ae643296287442ebb2c6e4298
SHA256: 495e88db7f79e4930611aa0647ee42b806a7112b211546639e16dec2ebbac21b
SHA512: df74b67bcef2df4c53ceba59186bdcb3a2d7f1d420c4c643fb723716de5b82b22b28a0e2d6a2380f679f197f0d9beefe54deae4bd1ab795c2329874999daf4b3
Static task: static1

Behavioral task: behavioral1
Sample: COVID-19 TRANSFER RECEIPT FORM_pdf.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: COVID-19 TRANSFER RECEIPT FORM_pdf.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: lokibot
http://attlogistics-vn.com/first/chief2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets

Target: COVID-19 TRANSFER RECEIPT FORM_pdf.exe
Size: 1MB
MD5: 1678a6372c11592d92876749482fd18e
SHA1: e7001067022152bc76445369c9c14f59e0097fdc
SHA256: 2a3c60d816836bf1cecb31f34d4eaf5b93976c123364538d5b8e22e9272e1269
SHA512: fa2bc8977f0c929fd6baafaf863b809a38eb6704f05199ec6073cda40116ffc169c6ea33079cbd367f21084ad6a581dabd989e5f4163fa2f4648406c35fc778b
Score: 10/10

- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix

Collection: Email Collection (1)
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation