General
Target
8abf8a5e71416f0939a52379f0fe6d91cf7ec97e58cda4c4d4b488e6a190444a
Size
1.4MB
Sample
220521-xze86acgg3
MD5
444fa79a883c46c86c888a25e621f183
SHA1
4bb6e4e354581b7f0118c3b60ae99ddaa6b9ef22
SHA256
8abf8a5e71416f0939a52379f0fe6d91cf7ec97e58cda4c4d4b488e6a190444a
SHA512
8abe8d71671ff42971bc11593eb878765b06dac4bbc8d1fc9aac7e3beae3e2abeaf0aca6b315102e42e84dd212523bd2d1484561e8483e8f6e7f6fb57db8f23a
Static task
static1
Behavioral task
behavioral1
Sample
Scan_Doc_pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Scan_Doc_pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://aesseal-my.com/first/chief1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Scan_Doc_pdf.exe
Size
1.9MB
MD5
d31abffc25e20264d1fa0ccd9bf3341c
SHA1
66a1fd52c3be512f2a190116957e61114cdc18f3
SHA256
0d6a98a80e0553364229b9d4fbd708f6c723c68aa3e8db535209bcc88c0af435
SHA512
39235aa58620e9a739f8ed639c37c0808dbb010c27f4001ff77448edc3e16f134b9d00d313cac96ad92a8da822f49020cc609b30d013df5c937aaa1cc7fc430b
Score 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext