General
Target: DHL Shipment Receipt.exe
Size: 953KB
Sample: 221004-neacqsafg6
MD5: 874ad6e3a99e8ced805b51abdce4c7be
SHA1: 40c5eb8dde1fc3b23af3353059056a2c32217665
SHA256: 8e8db2f4e243b2a131584bab586e5a28b610f93a62ca3b5b9ab91cd9d9c78597
SHA512: e0761712a13fe7b3908aed9d7ebb18e9971d3d436f450bc7945e97edbb046a3902ef804ea62b8e1e7d9f4766b65c95c27a7edbbaf89be402054c44dc923bdbfc
SSDEEP: 12288:yfK4HTN3iCLTYk9tPlDsepe9giU2YBajEXXRWYWlV:ULTYkb9Dl/0Ew4XRWYWlV
Static task: static1
Behavioral task: behavioral1
Sample: DHL Shipment Receipt.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: DHL Shipment Receipt.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://162.0.223.13/?0ZbRoqHjbXfrX54fnD4rBmzDYlyFq8Yr7ajvA0OLY4dV9iaxVfYwByaATIgkQeLXp4tZ5i
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: DHL Shipment Receipt.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext