General
-
Target
COAU7229898130.docx
-
Size
10KB
-
Sample
210617-hpxeg8smwn
-
MD5
df55074a5f0dba2b6f7b2ed4bd0601da
-
SHA1
017070ff75fcb217aa19ea0c8b198652945ce38f
-
SHA256
8e62450fb766f0cebe41c3492b79151a8ecdccdd491bf4c32cc4691948a0d020
-
SHA512
b6e5d88c7bb21d56922f4b269d130bd4c79a7b52f2d03eedcf191a88e0ad7ff7e98bf1df656fbde2ab04cb5e6a4f54fced47192e00718e1a6cdc98f7c44c43ec
Static task
static1
Behavioral task
behavioral1
Sample
COAU7229898130.docx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
COAU7229898130.docx
Resource
win10v20210410
Malware Config
Extracted
http://dummy_username@0147.0205.0152.0110/-................................................................-/--------------------.....................------------------.wbk
Extracted
lokibot
http://eyecos.ga/akin/gate.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
COAU7229898130.docx
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-