General
Target: Swift_INV0880021152020.doc
Size: 6KB
Sample: 210118-8qy8dxsb7x
MD5: d7df8a029d7851e26d5ee9115af4b40e
SHA1: 549f56becc1a13209dc0f240e822794ab6b7592f
SHA256: f52b020e86065767d221b34d5aa8c0d794222336cd2c221ec13685e37a50de07
SHA512: bd354c9b7f04df8f49a4ab772ca027dfd4c8e77b17cb339a5791b14c53a37d2dcc1b4b286bb68ea92b5d63580366a16c3fd52b3d8ea4877126e4cb3f0f75548e
Static task: static1
Behavioral task: behavioral1
Sample: Swift_INV0880021152020.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Swift_INV0880021152020.doc
Resource: win10v20201028
Malware Config
Extracted
lokibot
http://okpana.com/chief/boss/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Swift_INV0880021152020.doc
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext