General
Target: 1092991 JB082.xlsx
Size: 1.4MB
Sample: 210118-ljqvgt88xa
MD5: 30d056194fe01f23c8c2641efd5ac6a9
SHA1: 48f7b214956d66749cd837e1ba928ff4659154ac
SHA256: e87cc5f8980e2d0195de7dbce6d4efa8b4fecec5eb1c169497a3bd191029c49e
SHA512: de700d174f6817ac84eec3e232273b9da32b58b3288a30602949654d36acac8f92b5e74843623baa3f8759dd9a60844df4cb33d1b1bee083a660fd300568566b
Static task: static1
Behavioral task: behavioral1
Sample: 1092991 JB082.xlsx
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 1092991 JB082.xlsx
Resource: win10v20201028
Malware Config
Extracted
lokibot
http://okpana.com/chief/kev/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 1092991 JB082.xlsx
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext