General
-
Target
PR_A1191-04052021.xlsx
-
Size
2.1MB
-
Sample
210408-a4sqasxxk6
-
MD5
7c87ef46e0285586d13ae8c4837b43b2
-
SHA1
34e125247aee2ff663f7fcae715dc87dc08f8ee9
-
SHA256
bd7c85d56fe722221c6b0d7e0c2c37e912f7b16a85dfd2d159c426b99e726ddd
-
SHA512
74f3c8d602383bdb86e00c93909aa82b2de682fb44d75275f12f75f6c2fa69757a4747e87d902a46430b8f04f118b0a4c6a9abd82c1326a21e0edfbd07bc3dbd
Malware Config
Extracted
lokibot
http://amrp.tw/ozi/gate.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
PR_A1191-04052021.xlsx
-
Size
2.1MB
-
MD5
7c87ef46e0285586d13ae8c4837b43b2
-
SHA1
34e125247aee2ff663f7fcae715dc87dc08f8ee9
-
SHA256
bd7c85d56fe722221c6b0d7e0c2c37e912f7b16a85dfd2d159c426b99e726ddd
-
SHA512
74f3c8d602383bdb86e00c93909aa82b2de682fb44d75275f12f75f6c2fa69757a4747e87d902a46430b8f04f118b0a4c6a9abd82c1326a21e0edfbd07bc3dbd
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-