General
Target
Shipping Documents.exe
Size
366KB
Sample
230206-gqwa1scc68
MD5
af39b7b5649c213e9c6a13cc99c2d13a
SHA1
d334bfa5d3391e41b3bd19e103e680fe96881615
SHA256
62f824b06b0976ff8210b073514cb2b95f5e3d83ffcd1bcae97afc319a928385
SHA512
29b490821a7ca75509db69b52f520088e35f42b3717672fc20232cbf710f55e010df4c824040bb386db24ad5795001caeafcd186c55855b9a0f3c02c08da6627
SSDEEP
6144:8wwiGQr4m870rhISFi6YCkURYgROdCOYMxoLMDQmsNsSI5:8F9Qr4m8Ipi6yUdOsourNJI5
Static task
static1
Behavioral task
behavioral1
Sample
Shipping Documents.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Shipping Documents.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
https://sempersim.su/ha10/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Shipping Documents.exe
Score
10/10
Accesses Microsoft Outlook profiles
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext