General
Target
7f4d394f5f4dacfaa5e5bde3a9514d9b3abbd3d0141ce34a196da19332212cf3
Size
811KB
Sample
220521-w8vjrsbbg3
MD5
c9239b37b7465b082b5227fed95a9119
SHA1
0616b08cfd858afb1a8c25310625c6d581c9d405
SHA256
7f4d394f5f4dacfaa5e5bde3a9514d9b3abbd3d0141ce34a196da19332212cf3
SHA512
818e410d3ff4e0a977cb35e44e5522a300053a075c671ce15e45d87096239a3200318ad52ab853b4ed247d301b483f5e4a8eaaaed129ce71c88a30669acc2347
Static task
static1
Behavioral task
behavioral1
Sample
Copy of Transfer Receipt From Our Bank_pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Copy of Transfer Receipt From Our Bank_pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://attlogistics-vn.com/first/chief2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Copy of Transfer Receipt From Our Bank_pdf.exe
Size
1.2MB
MD5
6032263ed6e4d75e4374af139e894457
SHA1
96a525573cda58fba06b33158fc6bac6ff1259eb
SHA256
df74667577ba476da01977b4ef436663d5ae6dfca32eed7e3f307d3b0a4bda47
SHA512
a919e138c107db235dde231ac542b24a9ee77d4ed9029433893e8204fb7cd7cade0523bd43a5fcfcc3306fd82387314171b23739c0a4c4545e118d69b386e76f
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext