General
Target: IMG_50617.doc
Size: 1.0MB
Sample: 210118-w8s68c1k3n
MD5: 40c731d1d1b148ae3a20a0ee33e93ded
SHA1: 8f3bd8a07d5a352b6fffb13cb13c8846a67cff85
SHA256: bbe8328638e65517d387450d90b5e4b803bcdb1609315800d3542b754ff5c382
SHA512: badb844b99e27366a28bb27d09f2a6bb01374cc01382c3bd869f51ae0fe4ab3287a4c7864b7aa365a1407af20e2ff0d17b39c762494f10a1f68ce2343e61b593
Static task: static1
Behavioral task: behavioral1
Sample: IMG_50617.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: IMG_50617.doc
Resource: win10v20201028
Malware Config
Extracted
lokibot
http://185.206.215.56/morx/1/cgi.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: IMG_50617.doc
Score: 10/10
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext