General
-
Target
Productlist014560-RFQ1111100010001.jar.docx
-
Size
10KB
-
Sample
210609-26w76fcv9x
-
MD5
ffde61c7250f2ad83febb03b28321b4c
-
SHA1
f37ff229c3e22cb00966eeb76d185a826b134fc1
-
SHA256
540b8aee7a87730cd824187ea04de1d6cafc7070ff9009d3aa60a8275cd4cdef
-
SHA512
c7f398a12fe7e27914cfdf45aaf16086dbabb91870ce0249c5122f95eaef432f3b8ea407e342bec8c1476ba6c299b3c630f219955088ee9a4a3091362ea68618
Static task
static1
Behavioral task
behavioral1
Sample
Productlist014560-RFQ1111100010001.jar.docx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Productlist014560-RFQ1111100010001.jar.docx
Resource
win10v20210410
Malware Config
Extracted
http://bit.do/fQZTV
Extracted
lokibot
http://manvim.co/bo/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Productlist014560-RFQ1111100010001.jar.docx
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-