General
Target: cba5a4bdb5718cc709ed3a487c35a00ed24a27b537c35bceb5e14fa6ec139646
Size: 329KB
Sample: 220701-r6nafsadb7
MD5: 0951a43f800b5c1c174720cebd49c043
SHA1: e63cef04bd34325826ce764dc484d79cfd5e4e24
SHA256: cba5a4bdb5718cc709ed3a487c35a00ed24a27b537c35bceb5e14fa6ec139646
SHA512: f4d7234ad670d32a4e8211c47e9558bb7b7ff0b688dd158b55c3118509ca04f9cde0a263382588a6cdc9d67e373d8e75dee4243a7db43b201065b984919e18e6
Static task: static1
Behavioral task: behavioral1
Sample: AWB-INV.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: AWB-INV.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
lokibot
Targets
Target: AWB-INV.exe
Size: 608KB
MD5: 8167c38ef40136342f174e1327ac257e
SHA1: 4b92ddf62078712742d73db08ef78537e29d4f99
SHA256: f382cf6a6e299a826df072eea716a5b947df3417d5eafad3fab12edb5b51920a
SHA512: 57a0f9212f4bc3bfd3ad1077b149598aa9fe342d6b5247e854a2707923934d5955eefe764cbdef5bde9484b95f81ec74f0ba418263d291277dd1f6087a91e128
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext