General
Target: lokibot.doc.zip
Size: 2.2MB
Sample: 210314-f1nalaqzha
MD5: ab32d4c4901ac6f60b48a92b486290ec
SHA1: 7dcdd8b33c81d57f913ab63824b06349a4a42c25
SHA256: d7bf92f0d786e8e83d58ea0925a6c8619f08d2e823717953cdebcc1ee716e3e7
SHA512: 32accf33bd0e8bf449fa6d29433bddbf6591c89ce69e91901e0b433f9faf8e09b5202a68015fb314bea1a14259bf46d121b375eafe7c31e00c940a8c39d1e1df
Static task: static1
Behavioral task: behavioral1
Sample: lokibot.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: lokibot.doc
Resource: win10v20201028
Malware Config
Extracted
remcos
eventsbypearce.host:2580
Targets
Target: lokibot.doc
Size: 3.6MB
MD5: 344bd19acdaf2557abdb66a2c88a3680
SHA1: 0aa0a31b77e26a71e1e35081bbc6cfbe245f4241
SHA256: 2ec1e4844941e4fb73e64732da4d6eede18abf02ec70ae9a2e97d3e2b9ca51fc
SHA512: d9d4e7870113576a54ab30543989a3b7856ba35b8f377f7f1d098eb7e37b2dac2910c20bab0d42d296ff79235976030bab62003cff4b26b62a3df5dda9f222a6
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.