General
-
Target
Bank Slip pdf.exe
-
Size
719KB
-
Sample
250225-b7mgjstns3
-
MD5
4e4108ccf43fde81b96e2606d38628a0
-
SHA1
7e557a4e252df3f86b6fa10e61d558ed15727345
-
SHA256
9f259eea8c8508b1b3c77ebde3441e0c8618e253739e4ce469a93d9fd33264af
-
SHA512
3fe601d94128cbca5a506ed88fcd45b16e69fdd8e3ff85b3286dc8039479c1dd3eaecff62d7126902a742fbeaee301485f1d011720d263883698dbc20b2edd4e
-
SSDEEP
12288:WdOWWvUe3yT2+gGYuSBAlz68Xbi1UfkNyC63r47ofWS42q0R7E0UkyT27kR:ooUe0ke+sekkod747A42qqANpX
Static task
static1
Behavioral task
behavioral1
Sample
Bank Slip pdf.exe
Resource
win7-20240903-en
Malware Config
Extracted
lokibot
http://94.156.177.41/sss1/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Bank Slip pdf.exe
-
Lokibot family
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-