General
-
Target
RFQ - 85Y64738494_pdf.exe
-
Size
671KB
-
Sample
221123-s37qcsga5x
-
MD5
c00ed7fc521719603c723d91b008ccfe
-
SHA1
69b9bc2906c220eca793d44d1b645274735c8896
-
SHA256
f1752b21e5de6e84ddece41008722553a7af75c461038f2316a0f385b9257922
-
SHA512
0c69f83fefa6a62dafd8ea1a4a846e0f832f5984687327ba68e511f0a44233c0c7d1963d3cb11a4cf49a70f125e14279b97f2634df05b17841388d0ebc883445
-
SSDEEP
6144:xOM653LNJF+DCt4cC07mTb+zS3yeWdPMS0QvCk5pa4KTC9Ex0wFLUY7kHV4NWGeT:xOMiJF+DCtfmIeYM/QjELUbV4wfGvZ4
Static task
static1
Behavioral task
behavioral1
Sample
RFQ - 85Y64738494_pdf.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
RFQ - 85Y64738494_pdf.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://208.67.105.148/maersk/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
RFQ - 85Y64738494_pdf.exe
-
Size
671KB
-
MD5
c00ed7fc521719603c723d91b008ccfe
-
SHA1
69b9bc2906c220eca793d44d1b645274735c8896
-
SHA256
f1752b21e5de6e84ddece41008722553a7af75c461038f2316a0f385b9257922
-
SHA512
0c69f83fefa6a62dafd8ea1a4a846e0f832f5984687327ba68e511f0a44233c0c7d1963d3cb11a4cf49a70f125e14279b97f2634df05b17841388d0ebc883445
-
SSDEEP
6144:xOM653LNJF+DCt4cC07mTb+zS3yeWdPMS0QvCk5pa4KTC9Ex0wFLUY7kHV4NWGeT:xOMiJF+DCtfmIeYM/QjELUbV4wfGvZ4
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-