General
-
Target
DHL Receipt.exe
-
Size
876KB
-
Sample
221003-jw5gzsfgan
-
MD5
eddb9b6760b873f3d34d521e477ce025
-
SHA1
0f948f0de6a327f094bfe78cffa67553761dbeea
-
SHA256
c201333fad1225eac836fad58bc37e183f272e0cf4a62d5754868097560dbc47
-
SHA512
f5af5466ee50cc51e93cc80d895800a1d162c9321a9e146769a962551bdde6aa4636f6a869b3ff14114ccd73b2630e079f320a34827e618092638b88b67e3f3d
-
SSDEEP
12288:AohEdeK4HTNvS+vy8kPjPw9oBTI4n5pFuy1:LhcbPwGTvnT
Static task
static1
Behavioral task
behavioral1
Sample
DHL Receipt.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
DHL Receipt.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://162.0.223.13/?zfkdYtHLPzjU8NYmyvhLkN8G1QZuI5Khl4vjyc5nMohVcgiLLAw5oEMpvMUd
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
DHL Receipt.exe
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-