General
Target
FedEx Shipment Receipt.exe
Size
1.0MB
Sample
221004-nbd7hsaff5
MD5
966acaad3b551540158cf028e199ffb5
SHA1
d12be7ece990dab832e9c1bf86b76cff3fe7e4aa
SHA256
fe1b1bebb008a8664018f8bf9b4a6b13941f4d357c89f3b36c97225b38cb87e0
SHA512
524b76556dfaa133c58369c1013802c664c0e427167f1e8ce315fbc0b090efd6100404f800f3f9187509b14baae343ac717246f617eecbb29d89d505b46e2aaa
SSDEEP
12288:wsfmDokOwkfNrQa7b6zUt5FoTtJ/Sc/Lc02gU0vlOwo6GWjk2BUK4HTN:wrU1fpf72zG5WTfKf02T0vluWYa
Static task
static1
Behavioral task
behavioral1
Sample
FedEx Shipment Receipt.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
FedEx Shipment Receipt.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://162.0.223.13/?05315
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
FedEx Shipment Receipt.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext