General
Target: Maerskline Receipt.rar
Size: 512KB
Sample: 221128-kg29raab45
MD5: 51e0b6c565bf6b22f2b0e9312332ff69
SHA1: a43dfbd37e48068a2f52343dfbc91e0977ae7c32
SHA256: 323dfe748192de2c66729a6b781f73188233d4cf2efef722271499a047847011
SHA512: cdeb107f11e1c53aecf529ef16e43efc5317cd96c489751998f64d057337d6473383cf5783cfff74814f43fa4d7eee4838804c050b873a1d8aa584a6f278f842
SSDEEP: 12288:3grEZJp9RgpcEiGxt1Q8p3knv7vk/zIGxKBxdPPeNR1NX9i7agxOv:hZH9RscE/xjQ8p3kI/Uu4jPs1V9Tgcv
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Inquiry.exe
Resource: win7-20220901-en
Malware Config
Extracted
lokibot
http://157.245.36.27/~dokterpol/?page=14914169539334
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Purchase Inquiry.exe
Size: 721KB
MD5: bbf8cc59cbe4cd8d3845c1499335c07f
SHA1: 045568cace1af652cf3dea51f561bfe80c0035d7
SHA256: 7329528ead7542c9af48aeff33fcfa265731b53ad352af1efc3666911f115090
SHA512: 7a26c93971d7470800187fecb2908d377bd2df9aa24fd69b6c6c999746384f37e2cfc13679cef3977e4bb7b833f504ab4c2cbf10bb2883f9d52d711f678f9210
SSDEEP: 12288:Be1O4WxovDi23bDIg95lzKogGNkwZ3cYRMdS98MTHRyoY:eIgvxKodMS2MjRpY
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext