General
-
Target
M.V. OMNI TIGRIS.xlsx
-
Size
2.4MB
-
Sample
210422-7wbswehgls
-
MD5
f2b5bbd42400e7c4b181d99ab1e75d92
-
SHA1
84054fced977eb7e9d2cd5675286b364e6b7d56d
-
SHA256
da60cfcd432612818f35da7974929c8c1eb1226be19b84bd319dcaddc1f9cf03
-
SHA512
9d2eaac66c7f6cf4286c55316ad0f4e096b49dcc4f1e35699cf6e47ab6c51421fd74dbb26f79c8835865c5b8315b5f30101c4155f9ad1f06be97184e8500a15a
Static task
static1
Behavioral task
behavioral1
Sample
M.V. OMNI TIGRIS.xlsx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
M.V. OMNI TIGRIS.xlsx
Resource
win10v20210410
Malware Config
Extracted
lokibot
http://amrp.tw/clue/gate.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
M.V. OMNI TIGRIS.xlsx
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-