General
-
Target
TNT Shipment Documents.exe
-
Size
872KB
-
Sample
221003-jw468aecd2
-
MD5
516ce66e0061d3e712708c93abb83f63
-
SHA1
b393dea4f49c9e5a9d7a8e44bdc4a766330e922c
-
SHA256
3097ef71e54843944f47d89ca4e5563bcb3a045d1c065f5cf4432dc0dbda70a4
-
SHA512
42fa0b24df21bcee0fc1174c9d7b06a193f15d0b74bb6bdbe941dd96c5c9a1342e3e5250122e4a41f3811177631643c7b4e9986badc3064db5764af135fc553d
-
SSDEEP
12288:gvwqi0gEnq+PPz7CVpL9nusT5W/JOdV3qTbFKK4HTN:kwqn9PPzuTL9nzVWhGVK5
Static task
static1
Behavioral task
behavioral1
Sample
TNT Shipment Documents.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
TNT Shipment Documents.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://162.0.223.13/?0ZbRoqHjbXfrX54fnD4rBmzDYlyFq8Yr7ajvA0OLY4dV9iaxVfYwByaATIgkQeLXp4tZ5i
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
TNT Shipment Documents.exe
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-