General
-
Target
Pago.doc
-
Size
48KB
-
Sample
241204-ptf99s1jdr
-
MD5
d0ada04c1b8cfc4c6a0618d5d6c9a346
-
SHA1
cb8450af21d627d9e21d7d60331ea63abe1616f1
-
SHA256
29721d2110ed64d24ab30e34bd736c56a39fd0427a2f3099fcacbc2d6a5167e9
-
SHA512
fc07a61d3c1be9e3dc76d9e28ab140b6b0751deec465897eb6c6ca66977421d902cbd1a3dd411f3b2b466d9bccfc8bed5e42ea1a5369a5bf5843a38a540ff22f
-
SSDEEP
384:iNkHfFAhRp/6j1dhUsQGlWmxDJzkpiSY5UAQ3krEdW2sUXQ9Aaqti/Bp60jc:NKhHi3KnCWmHzk7XkrEZwFE
Behavioral task
behavioral1
Sample
Pago.doc
Resource
win7-20241010-en
Malware Config
Extracted
lokibot
https://www.stipamana.com/jedrshyyjdft/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Pago.doc
-
Lokibot family
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-