General
-
Target
PROFORMA INV 110856.exe
-
Size
546KB
-
Sample
230605-pf2daage58
-
MD5
79b4a4b3bc4c1f833bd5bb07845aa9c1
-
SHA1
02ff29f4bc44b759259c541f32c8f7cf91b0e738
-
SHA256
a19a7f643cbad12cc1144bf4894bb452c67667c20f35de5f167d870b8e84ed84
-
SHA512
e5a4a748d726c2357dd51ff857984f286e4efeb5124fa160ad33c601afb9c86895efbb4e58cc2c7bd7f7840bff411b219167f4ecd23ded88426f51ce3511fa23
-
SSDEEP
12288:l+n0snDNxPc9GT2iKTY9NH/Smx4bfpwAc6s:EDPcy2i9/Hibfu
Static task
static1
Behavioral task
behavioral1
Sample
PROFORMA INV 110856.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
PROFORMA INV 110856.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://185.246.220.85/project/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
PROFORMA INV 110856.exe
-
Size
546KB
-
MD5
79b4a4b3bc4c1f833bd5bb07845aa9c1
-
SHA1
02ff29f4bc44b759259c541f32c8f7cf91b0e738
-
SHA256
a19a7f643cbad12cc1144bf4894bb452c67667c20f35de5f167d870b8e84ed84
-
SHA512
e5a4a748d726c2357dd51ff857984f286e4efeb5124fa160ad33c601afb9c86895efbb4e58cc2c7bd7f7840bff411b219167f4ecd23ded88426f51ce3511fa23
-
SSDEEP
12288:l+n0snDNxPc9GT2iKTY9NH/Smx4bfpwAc6s:EDPcy2i9/Hibfu
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-