General
Target
3b56a043cfbecbbe7e9e44e087611ab188feb373f34983c34ab9081b8dba05ed
Size
813KB
Sample
220521-w8seeabbf9
MD5
f977094edc9eff242cc8e92c289d6073
SHA1
521211b5398292adc4644a0ee5c89d8f14f25e2e
SHA256
3b56a043cfbecbbe7e9e44e087611ab188feb373f34983c34ab9081b8dba05ed
SHA512
cdd6b2f7ebdabcacb7454b173743fb22ebb358b3c3d08703816d275e6891527f93a0f5d76a5e653477f7572ca9e9bbcf19c64fe3f82556ed1726e77f13559473
Static task
static1
Behavioral task
behavioral1
Sample
Scan_Doc_pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Scan_Doc_pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://attlogistics-vn.com/first/chief2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Scan_Doc_pdf.exe
Size
1.2MB
MD5
a7dcee077701d97ff5033795462f611c
SHA1
85bd384e1624fa1af899f0f33f584ac240a6fb28
SHA256
79129af7eeae9ebb06e1e77ceb732e24565771282c1381b15a3f19721936b84c
SHA512
acff59bb08c15c9c77e6bf517b1badd31fb690d5cc2793d43115ae3167837b07d2c4aa17633a9bfe3fb3bc3df8d386192153fc84eaf91b202908378254b1ffbc
Score 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext