General
-
Target
Offer from China.xlsx
-
Size
2.4MB
-
Sample
210422-j21y5q9vjx
-
MD5
ba4b37bd3627ee1f788e366d91c205e4
-
SHA1
73251986297cf7fc6947d8e10a54bd67790c3ee7
-
SHA256
38d6f393522f368761c577539c96abc6e14b04d76ea379f2a8eeddb542f0f997
-
SHA512
6415a52d63546d954855a33da5c918bad2bf190aa2b85d4c440590ade2f66d96aa6be91c3a9a1a9e889d811a5b29db23eba85f4a98036adc09bfaabc4b309e7d
Static task
static1
Behavioral task
behavioral1
Sample
Offer from China.xlsx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Offer from China.xlsx
Resource
win10v20210410
Malware Config
Extracted
lokibot
http://qrnigroup.xyz/chief/dv2/mcee/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Offer from China.xlsx
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-