General
Target: Swift_INV0880021152020.xlsx
Size: 2.3MB
Sample: 210115-ccyanqlc8a
MD5: 4b4cee24aa613f71e4c48f872fcde74e
SHA1: 5e720a0637ef8395ab5ef2656a5c9732828ee731
SHA256: 619a1fe68a1abdabd1b77f4bf3be91d5b5df789d9d941f3fe69ac201935cc1e6
SHA512: 1403b862fa5da81373443ac1510455ebaa61102f7c3a5fee694adcfc77993adfc67861a393a5ee15ef9e7a0a266936979700bf7d441c953a18c6519af9ed14c2
Static task
static1
Malware Config
Extracted
lokibot
http://lmpulsefashion.net/chief/boss/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Swift_INV0880021152020.xlsx
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext