General
-
Target
MT103.docx
-
Size
10KB
-
Sample
210622-2ykmz3fyw6
-
MD5
fe5b477eb79cfd989a795ed9320f2e08
-
SHA1
8224cc1161660bf79c3648ee9dd5e10f475ee444
-
SHA256
1fb1fc6a0c468a93003ab6d6d1fb9b590a47b4f2712d430024ad63dd475c8418
-
SHA512
f95392b5104806b32a5104021f47eabd5b61120ac43ea267681150bb311a15ce0c9028cfb57cbc7e8eb444d1ecbae391b888c9bc92dfe34ba2918a4182a537cf
Static task
static1
Behavioral task
behavioral1
Sample
MT103.docx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
MT103.docx
Resource
win10v20210408
Malware Config
Extracted
https://windowsdefendercloudsettingsdummy_username@itsssl.com/liqwN
Extracted
lokibot
https://bnbrokenhead.cf/Bn4/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
MT103.docx
-
Size
10KB
-
MD5
fe5b477eb79cfd989a795ed9320f2e08
-
SHA1
8224cc1161660bf79c3648ee9dd5e10f475ee444
-
SHA256
1fb1fc6a0c468a93003ab6d6d1fb9b590a47b4f2712d430024ad63dd475c8418
-
SHA512
f95392b5104806b32a5104021f47eabd5b61120ac43ea267681150bb311a15ce0c9028cfb57cbc7e8eb444d1ecbae391b888c9bc92dfe34ba2918a4182a537cf
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-