General
-
Target
QUOTAZIONEpdf.exe
-
Size
244KB
-
Sample
220114-kss58afce3
-
MD5
23b85c2f43b23b57411e4f4366a10b25
-
SHA1
1511bfee72f99f691c93a1e6b070724890c6aea8
-
SHA256
9ad929181f755701c0152618393ccff03e0499944c2e3f22fa2d0539347f5c45
-
SHA512
7762714729e6bcbec554e573554ac5a78333a36369c3fe2a81c17fac2810b0b19fa191f05119a4805f7de27f15d2c9252ede56e3dd4b9799cce7593bbd8ae769
Static task
static1
Behavioral task
behavioral1
Sample
QUOTAZIONEpdf.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
QUOTAZIONEpdf.exe
Resource
win10-en-20211208
Malware Config
Extracted
lokibot
http://slimpackage.com/slimmain/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
QUOTAZIONEpdf.exe
-
Score
10/10
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-