General
Target
bank remittance.xlsx
Size
2.3MB
Sample
210114-qz6ycfdcj6
MD5
c29a880a76eb591fcb948223e6ea66c5
SHA1
2992ee94c58e1190f2222086ceb5e923d5977af3
SHA256
9213594d63646a5144de658badc6f9fd4ac15ce711bac1f115ccdf08d74c8add
SHA512
9064489ed4e5404218638161e5d2df0614578a711d643d098f5c0ee0ece96981a5cfcfedad22a6a4e20dc70a6ed32f9017f7ca50c699c9b8cd954dcb5d10851f
Static task
static1
Behavioral task
behavioral1
Sample
bank remittance.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
bank remittance.xlsx
Resource
win10v20201028
Malware Config
Extracted
lokibot
http://blueriiver-eu.com/chief/offor/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
bank remittance.xlsx
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
-