General
-
Target
FedEx_AWB#53023114643_1.rar
-
Size
497KB
-
Sample
240418-z165dagb51
-
MD5
d12761c635cb3799be45ab5c2df206aa
-
SHA1
bd8fc30acc6c349b2ddb82a6d0639916b2b36151
-
SHA256
27b7d8e573c0cb497320264b80fd13dcda54c1d92a5b3356aa69280fe53624d8
-
SHA512
c13495bf5a04fa2dedf86e561eaf1c1ef144bfe1b7aa44cf310bba15a54d5e3970e04efe3d073da78cdc19b84519cb802ca454f4a55342d151985c92cfa43938
-
SSDEEP
12288:inz/xlXnPJZeUPGFhyCEV4GdNMVo9Mey3ka9iihS:mHPJnPGFICjhOeka9iX
Static task
static1
Behavioral task
behavioral1
Sample
FedEx_AWB#53023114643.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
FedEx_AWB#53023114643.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
lokibot
http://24.199.107.111/index.php/0672554332862
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
FedEx_AWB#53023114643.exe
-
Size
558KB
-
MD5
748f2d7afc9aab8fbd553c5b07c0ec5f
-
SHA1
f92418c15a463d6201b32821ee9ef653db4a8600
-
SHA256
99f0f330f7fafcc28267cc425f1d62ebf2a1604cd1843adec3a63e6631044d14
-
SHA512
d9ceb997622ef2cff0ccb1613326bfe2efd22a1e0dc7e08fab04cf87a34290a3f1140219a461d727e8d9f9157d2c6793c2b07a30b8bbd5beb61228b5cdd996da
-
SSDEEP
12288:nnUqvDQpIa40jkkT/lGrrH4GF3rUz9dKgXFZuz3kR:nFD8Iam7rHDezKgXqi
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-