General
Target: rpayment_slip.pdf.exe
Size: 566KB
Sample: 240325-lfw7safa8w
MD5: 0aa08a1de128f754244a41caad13b855
SHA1: d757260a3e82337339e45a596e7f879df42776e7
SHA256: bbc7fdaebde9c78601c1965f662082874bae5e023f85701316f930266b0482c6
SHA512: 555951f159cd139d0d7d8f8ea1f36faed3d82e1c96833198450355bd620c63a3a1c0b55d8cd3a33b4c37678bbba31819562c3743be9dd73fc509e52cb62273df
SSDEEP: 12288:Zp4CMwaRzpgQF9z72qYps2bgBiFhNTetpAAI2xv2nA:izFFo4ALNyt9jxO
Static task: static1
Behavioral task: behavioral1
Sample: rpayment_slip.pdf.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: rpayment_slip.pdf.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
lokibot
https://sempersim.su/c6/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: rpayment_slip.pdf.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext