General
-
Target
PI_63455MV_REVISED.xlsx
-
Size
2.4MB
-
Sample
210422-aplzlqfe1j
-
MD5
74d534b81810367dc68209131623d4d0
-
SHA1
f0279dc293f7121faf24705fa486ee4673b50143
-
SHA256
74e1f1b8d261a8b6129d4db04097d017b9fc9a55b87024e5c5b2474f6aba904b
-
SHA512
97f79b3da2599169ad5e74091076d3082cb13d2d731ffa4c2f5698f980b28463f3756eaf6ddd41f30316190b3761c4197da94deebfa825a1108674a456f2f241
Static task
static1
Behavioral task
behavioral1
Sample
PI_63455MV_REVISED.xlsx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
PI_63455MV_REVISED.xlsx
Resource
win10v20210408
Malware Config
Extracted
lokibot
http://issth.com/chief/dav/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
PI_63455MV_REVISED.xlsx
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-