General
-
Target
IMG_056719.xls.exe
-
Size
1.1MB
-
Sample
210114-6j9bantzsx
-
MD5
f92036fc54ce0735a7af4f53d9511937
-
SHA1
d3c1bb647fa77b5abced7cafc6af821eed57daba
-
SHA256
22df9f21a06e39c218062e506094cd16b272094b941c729c4a7c510145509034
-
SHA512
a1b13298931c2f8cbe691cce0efb09f13e86c65315a14245dfd8b9db31101bd45d5a7b59cef96611e91a582e0b18f202bc4382fdc72cba4bd7eb8beac436b9f8
Static task
static1
Behavioral task
behavioral1
Sample
IMG_056719.xls.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
IMG_056719.xls.exe
Resource
win10v20201028
Malware Config
Extracted
lokibot
http://185.206.215.56/r-1/cgi.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
IMG_056719.xls.exe
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-