General
-
Target
4cb9d954498b547895d47663f6cc738b526549e2dddf04e3cf670b6487ac328f
-
Size
1.4MB
-
Sample
220521-w9cqcabca9
-
MD5
bd7c3916bc25ed28e438c71bac06ef7f
-
SHA1
3705ecadf5e7094db4e36a408d2f33f3e62a2148
-
SHA256
4cb9d954498b547895d47663f6cc738b526549e2dddf04e3cf670b6487ac328f
-
SHA512
2a082d01d794425420766d45d89e1cf46e23f5872429776c12d24acc69d2a638c4208f9969758eabed0ab297fba3d7ca3a4cb18604b6ca8d34cc6cc800b789f2
Static task
static1
Behavioral task
behavioral1
Sample
Payment Form for Bank related transactions_pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Payment Form for Bank related transactions_pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://attlogistics-vn.com/first/chief2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
Payment Form for Bank related transactions_pdf.exe
-
Size
1.9MB
-
MD5
6f22f48b376ad3a849465afe42708dbe
-
SHA1
48f86146c0366e56cc7fe4af8ee33df0a3c070e3
-
SHA256
8ba79c48575e0541fe357ea7acfd5e20cf8c6924b293a42c909b8044305c4ec8
-
SHA512
27143491f7a01d140aed5d72e1c4537ef160415fb7cfa1668fc82463e624abf1e0b71781332144180d7b12d01ddd03b3dac36a05860fee3c496c2d6fa6c7bc1a
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-