General
-
Target
83caf8c3bb6dad10656c6452d070a17e71a030cb.docx
-
Size
10KB
-
Sample
210624-dy5knfajqj
-
MD5
9e7b6d8be08b8b2557cb87a90cd931b9
-
SHA1
83caf8c3bb6dad10656c6452d070a17e71a030cb
-
SHA256
e003fb7de75319cb0d30397adbf89bef53d8ccd44af2e9813c219b2571bad2d2
-
SHA512
31d563862adc199c0bcba52325264502e357a6e786835d3865ad916adb3ecb5cf3271b63d4e45a6becfe2521fc6abfa637f02cc76729ac9e2c28dc04c5ac3fdf
Static task
static1
Behavioral task
behavioral1
Sample
83caf8c3bb6dad10656c6452d070a17e71a030cb.docx
Resource
win7v20210410
Behavioral task
behavioral2
Sample
83caf8c3bb6dad10656c6452d070a17e71a030cb.docx
Resource
win10v20210408
Malware Config
Extracted
https://itsssl.com/rzuDW
Extracted
lokibot
http://manvim.co/fd6/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
83caf8c3bb6dad10656c6452d070a17e71a030cb.docx
-
Size
10KB
-
MD5
9e7b6d8be08b8b2557cb87a90cd931b9
-
SHA1
83caf8c3bb6dad10656c6452d070a17e71a030cb
-
SHA256
e003fb7de75319cb0d30397adbf89bef53d8ccd44af2e9813c219b2571bad2d2
-
SHA512
31d563862adc199c0bcba52325264502e357a6e786835d3865ad916adb3ecb5cf3271b63d4e45a6becfe2521fc6abfa637f02cc76729ac9e2c28dc04c5ac3fdf
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-