General
Target
DRAFT_DOCS_INVCK2023M1903_BL_PL_Pdf.rar
Size
505KB
Sample
230130-jx7czabc6s
MD5
08fee7c5e3725c9f8c5c300e59e8bf73
SHA1
382b49467f17ef32b446d4627c871be1ff4db8a1
SHA256
a65a7eb623aa928f2f839856de564ac3f026c8601fa1410cb879829f9cc1eb70
SHA512
53d0da04f42331b59b14e791ef3173e933cd635ef257034b155ba841719ab3b3c8e9ca61005cd241bfa8b55ea01711510fd8a07689d4c342ba0f268de2ec0809
SSDEEP
12288:F9f1SDUiFNry0ps4IkBRjSDbv2xAScKyO8mJjs:F51N4dy0fI0aT2YY8mJjs
Static task
static1
Behavioral task
behavioral1
Sample
DRAFT_DOCS_INVCK2023M1903_BL_PL_Pdf.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
DRAFT_DOCS_INVCK2023M1903_BL_PL_Pdf.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
Targets
Target
DRAFT_DOCS_INVCK2023M1903_BL_PL_Pdf.exe
Size
587KB
MD5
7fd475ea79dc131001cb334373f96c74
SHA1
256701edda96f60211fb90cd0e093dddbbf8c56d
SHA256
a28a0ee3b401e64c2ae8b1bf74af6774e8656dea3f9644bc31eda735db810733
SHA512
aee9e155553f97f7dbb76348b95c4d5c167dc25c12c1d157920025f55229e3c0f1b51bb2ab08bf6acdb872efc6b2192752f15fada463b3da2d45cdf63bfb0198
SSDEEP
12288:7xdIyV1ycKTpnmlmBpsKRl9aOoHzbWeh3ih9H1A:9m4gcKTJTpsOaOgBYTe
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext