General
-
Target
PL_017542000.doc
-
Size
467KB
-
Sample
210511-95fy3g9l4e
-
MD5
f4e2b625051dd9283bbec085e56d0ab1
-
SHA1
118cae287ef1505bf04f75d5811c340ea01fa949
-
SHA256
f6e0f11f26c59925ad1bd23c4dc586de71af0863d7273ad41a17efd92384167c
-
SHA512
05b3d3e1181265359cd1264f3d9b07f5d04da696791877c98f5a9a437aba4e00b35e231c76b3f7a948fd5bf1794ca1d807a04b44a523ca378971986056b98c2b
Static task
static1
Behavioral task
behavioral1
Sample
PL_017542000.doc
Resource
win7v20210408
Behavioral task
behavioral2
Sample
PL_017542000.doc
Resource
win10v20210410
Malware Config
Extracted
lokibot
http://209.141.50.70/D3/13/pin.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
PL_017542000.doc
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-