General
-
Target
DRAFT_DOCS_INVCK2023M1903_BL_PL_Pdf.exe
-
Size
587KB
-
Sample
230130-q2dpsaaf34
-
MD5
7fd475ea79dc131001cb334373f96c74
-
SHA1
256701edda96f60211fb90cd0e093dddbbf8c56d
-
SHA256
a28a0ee3b401e64c2ae8b1bf74af6774e8656dea3f9644bc31eda735db810733
-
SHA512
aee9e155553f97f7dbb76348b95c4d5c167dc25c12c1d157920025f55229e3c0f1b51bb2ab08bf6acdb872efc6b2192752f15fada463b3da2d45cdf63bfb0198
-
SSDEEP
12288:7xdIyV1ycKTpnmlmBpsKRl9aOoHzbWeh3ih9H1A:9m4gcKTJTpsOaOgBYTe
Static task
static1
Behavioral task
behavioral1
Sample
DRAFT_DOCS_INVCK2023M1903_BL_PL_Pdf.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
DRAFT_DOCS_INVCK2023M1903_BL_PL_Pdf.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://171.22.30.147/gk1/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
DRAFT_DOCS_INVCK2023M1903_BL_PL_Pdf.exe
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-