General
-
Target
comelit-11-6-2021.docx
-
Size
10KB
-
Sample
210611-cn4gh59kge
-
MD5
7ec618424dde9f0e1231926610de9da5
-
SHA1
9470e089a9522160dd4d7d7bedb10815d1d4fd7e
-
SHA256
ecfd4ec8f98c8c1cb5e702151fd30df0036839a465ae692ef8bdf9adcec25123
-
SHA512
c206b9e2b991f960e005305850711f4c0c15788e808e61de16fe6b67beadb9880a3b026192da4cfd49c6fd0a8d54c0c00b23824b93e252a7b52777df8819d655
Static task
static1
Behavioral task
behavioral1
Sample
comelit-11-6-2021.docx
Resource
win7v20210410
Behavioral task
behavioral2
Sample
comelit-11-6-2021.docx
Resource
win10v20210408
Malware Config
Extracted
http://xy2.eu/e8hE
Extracted
lokibot
http://manvim.co/bo/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
comelit-11-6-2021.docx
-
Size
10KB
-
MD5
7ec618424dde9f0e1231926610de9da5
-
SHA1
9470e089a9522160dd4d7d7bedb10815d1d4fd7e
-
SHA256
ecfd4ec8f98c8c1cb5e702151fd30df0036839a465ae692ef8bdf9adcec25123
-
SHA512
c206b9e2b991f960e005305850711f4c0c15788e808e61de16fe6b67beadb9880a3b026192da4cfd49c6fd0a8d54c0c00b23824b93e252a7b52777df8819d655
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-