General
-
Target
8716374c3ecca5fbd8146c1fb51bd84077289ed6b0bfe3e49e4eda26df71bfba
-
Size
1.2MB
-
Sample
220521-xzb7hacgg2
-
MD5
1c16936360390e4418aaf7c86620e32b
-
SHA1
4e57d3be422d925fcfda5f3c3220e2159d1a70e6
-
SHA256
8716374c3ecca5fbd8146c1fb51bd84077289ed6b0bfe3e49e4eda26df71bfba
-
SHA512
28054562574a4eb4863652342418cac36850f577b05207dcad63dfb9a99c7bdfa9738deead18458a494d8247a85b11b15f867c0c8f306e4dfbebf7abdad8acd7
Static task
static1
Behavioral task
behavioral1
Sample
E-PAYMENT_pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
E-PAYMENT_pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://attlogistics-vn.com/first/chief2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
E-PAYMENT_pdf.exe
-
Size
1.7MB
-
MD5
fab80b972db111752b33a39d8f3df38c
-
SHA1
c5b4e459e0aaefb9ede9006e79ab6d80837f35e2
-
SHA256
636c1b018b9508a33351d294d62694ba03f27587f1f7bc7cf315bddbce3190c3
-
SHA512
2f5af0feaa5ac977cdc464aa4f9ebce8ede20b28a52c4189bcb886946b89a5a0c1d0021fc54506a82de52ed5e53b6beb5a9699a432938f393e81592cf4a1c97a
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-