General
Target: new_order.doc.docx
Size: 10KB
Sample: 210421-fkdn2c39d6
MD5: eb9b4decb03b5c81b5f4c0cc9dd5758f
SHA1: 22ee73cf80deaf3122cc4e9fd45b062f71b4e2f4
SHA256: ce47c3f3359a2f2dd2de306544df0e10cf5cefebfccf8d556432918622487f25
SHA512: f3baddcc36936c75ae6efc335db1bc53d6c9827c840dc34e1a9afe58a2dc9c1c285089986f165a2b0451eb1fb9a18d18143ef3f2c29b04aaccfb297f04c173ad
Static task: static1
Behavioral task: behavioral1
Sample: new_order.doc.docx
Resource: win7v20210410
Behavioral task: behavioral2
Sample: new_order.doc.docx
Resource: win10v20210408
Malware Config
Extracted
http://bit.do/fQyhA
Extracted
lokibot
http://amrp.tw/kayo/gate.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: new_order.doc.docx
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext