General
Target: HSBC Advise_pdf.exe
Size: 345KB
Sample: 230208-xbmnbsed54
MD5: c08915d718c9b1da8400751f213e7bf1
SHA1: 439bf8130c4473cbe1a1080c4164835d5c8caad1
SHA256: 8e50298bbba73d4b92ffa37dba5a5807c34d248600b72238d4fcb9ae55c3ce0a
SHA512: 184e8aa41d3554af531d9a91460a31c59788b1a3bc680728ae0afd9e01976f7fdaf1f0cab6203400d8fcefd4be8a680e2731aa9a35b8719305a4e6ee34d6dad0
SSDEEP: 6144:uYa6oFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFQ:uYi//tP/RMHzeSU77QGTm
Static task: static1
Behavioral task: behavioral1
Sample: HSBC Advise_pdf.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: HSBC Advise_pdf.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
lokibot
https://sempersim.su/ha12/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext