General
Target: PR_A1191-04052021.xlsx
Size: 2.1MB
Sample: 210408-a4sqasxxk6
MD5: 7c87ef46e0285586d13ae8c4837b43b2
SHA1: 34e125247aee2ff663f7fcae715dc87dc08f8ee9
SHA256: bd7c85d56fe722221c6b0d7e0c2c37e912f7b16a85dfd2d159c426b99e726ddd
SHA512: 74f3c8d602383bdb86e00c93909aa82b2de682fb44d75275f12f75f6c2fa69757a4747e87d902a46430b8f04f118b0a4c6a9abd82c1326a21e0edfbd07bc3dbd
Static task: static1
Behavioral task: behavioral1
Sample: PR_A1191-04052021.xlsx
Resource: win7v20201028
Behavioral task: behavioral2
Sample: PR_A1191-04052021.xlsx
Resource: win10v20201028
Malware Config
Extracted
lokibot
http://amrp.tw/ozi/gate.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: PR_A1191-04052021.xlsx
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext