General
-
Target
$90,000 MT103 Copy.docx
-
Size
10KB
-
Sample
210611-e7jqhy4hga
-
MD5
0b52bc56b02374eb2752ae31d14c7372
-
SHA1
636aa83cedf2db41010e6416bf621c0c89aff45e
-
SHA256
761634c516d4a83a8745f99c197272c4e9a9473344c68c5c53397e4e2aff567f
-
SHA512
f8f2bf2594b4794d3811be34921e8dea10ce3bc90c5ad71855aa48d4a3a4bebff43531392bf7036326ac5043dca3c67214c8407fa3aaafc99286a245b021d0e0
Static task
static1
Behavioral task
behavioral1
Sample
$90,000 MT103 Copy.docx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
$90,000 MT103 Copy.docx
Resource
win10v20210408
Malware Config
Extracted
http://xy2.eu/e8ar
Extracted
lokibot
http://eyecos.ga/kung/gate.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
$90,000 MT103 Copy.docx
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-