General
-
Target
ZANTE V.072W.xlsx
-
Size
1.8MB
-
Sample
210115-53b1apsxfe
-
MD5
af4139aae5a126f5aabc8958601f0266
-
SHA1
10f6ed80521347047c40ae17e0765f34623d34d8
-
SHA256
6052c399809ab174d76903fb8824418a8c5890f59564385434cd230f46087bfe
-
SHA512
e447e519ca4a2b5aa52063100726dbe2300ce5b7bf143b35c7fb2b880d7d84e919998d82308c329613abfa04e2f6b4ce4e9295cedad6162795a48134af15bd62
Static task
static1
Behavioral task
behavioral1
Sample
ZANTE V.072W.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
ZANTE V.072W.xlsx
Resource
win10v20201028
Malware Config
Extracted
lokibot
http://blueriiver-eu.com/chief/offor/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
ZANTE V.072W.xlsx
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext