General
Target
25022025_0039_Orden de compra_(PO201570)_ESUCO SA..exe.iso
Size
314KB
Sample
250225-azl1daym18
MD5
3b3602199bdb007577d37ad23e4bfb2a
SHA1
92e1998a7cf87a0b173f75682d6565d4a7b3ac47
SHA256
87a844afe80f6bc2c27a6b40a60c76da9605735f4a2896fe2667f5a2d8b1eacb
SHA512
ae9340514cf9a48fd94cf0cd40a4fee59ce49eed956804ce8007f3516ab4e934cd6f5ab0dc9d9c47bd6ab768e7a97a588f596f3418a838cc41f228d5ea7d9661
SSDEEP
3072:UOk3o6IBhL+M6iw6cAEXj/rSpiTFFAB+jne+26HwOPvCicqfjXU52cgj4Z/itKjt:R4obyM6uWnj2QtTbq2cgckKjdEAmg+
Static task
static1
Behavioral task
behavioral1
Sample
Orden de compra_(PO201570)_ESUCO SA..exe
Resource
win7-20241023-en
Malware Config
Extracted
lokibot
https://ddrtot.shop/New/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Orden de compra_(PO201570)_ESUCO SA..exe
Size
254KB
MD5
c5e500815f323a78a22d2f6df2639a4d
SHA1
43357de64552ee99d1e2f533afe419b554e237ac
SHA256
1d723e459d4edcfdba3c63825c9582341d356b22ecfc22b8a446b430e0b27be5
SHA512
02cd436252e5616590648c292766054362e71aa0a4f55d0b29af62e278d19a8572a65b00f8fe0d97dca9069c7c1958bf02993f2383dbfda2ab61268a804875d8
SSDEEP
3072:zOk3o6IBhL+M6iw6cAEXj/rSpiTFFAB+jne+26HwOPvCicqfjXU52cgj4Z/itKjt:K4obyM6uWnj2QtTbq2cgckKjdEAmg+
Lokibot family
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext