General
Target: PUSD9212304_pdf.exe
Size: 495KB
Sample: 240305-jktaksag34
MD5: 4e6d5263bd97cca12e0b97d89d835d88
SHA1: a17e6d89373f2955aa3c9b0f8f362f1c0605abd8
SHA256: 61d2d93c84dfd913dbb976c21fdd3d87dd3100e9035e4dd04b3c5f4c3c705085
SHA512: 69334afe3ab25369a4c2fce6926a38e293477283a91adb155fdaead9b24985e46e7befc33cabfdd0edef9d8458d679d40c6faca9adc44a439d2c77ee54a4fc19
SSDEEP: 12288:LBHwI2ZTWUqDcVedlD9ft8Ep4uAjt4SLD5wtbg9Q93:LBHwID4edxFt8849t4UDytH9
Static task: static1
Behavioral task: behavioral1
Sample: PUSD9212304_pdf.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: PUSD9212304_pdf.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
lokibot
https://sempersim.su/c12/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: PUSD9212304_pdf.exe
Score: 10/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext