General
-
Target
Overdue_Invoice_2300492100_2300492101.xlsx
-
Size
2.3MB
-
Sample
210115-te5b33f452
-
MD5
d6bd4c2dbc112f42cf92bf59bd6aa1be
-
SHA1
f4947e410c7728dffe063ba7a1962862887bd85f
-
SHA256
bf2d74b1311d22739fa9ed518fd0a742e3304675863acba687cc4a10f1a1a010
-
SHA512
c66b1c3380f15c3ef41af11c44a204455c60a84b10cb55ae58f9f659f56ff7f5ecf62aa6ea4812d887402c1747946de77a6dd872fdc59283fb6214c63eebf800
Static task
static1
Behavioral task
behavioral1
Sample
Overdue_Invoice_2300492100_2300492101.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Overdue_Invoice_2300492100_2300492101.xlsx
Resource
win10v20201028
Malware Config
Extracted
lokibot
http://lmpulsefashion.net/chief/kev/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Overdue_Invoice_2300492100_2300492101.xlsx
-
Size
2.3MB
-
MD5
d6bd4c2dbc112f42cf92bf59bd6aa1be
-
SHA1
f4947e410c7728dffe063ba7a1962862887bd85f
-
SHA256
bf2d74b1311d22739fa9ed518fd0a742e3304675863acba687cc4a10f1a1a010
-
SHA512
c66b1c3380f15c3ef41af11c44a204455c60a84b10cb55ae58f9f659f56ff7f5ecf62aa6ea4812d887402c1747946de77a6dd872fdc59283fb6214c63eebf800
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-