General
Target
PROFORMANew PO N. FM 22062021.xlsx
Size
1.2MB
Sample
210624-r15w65gb2j
MD5
f61308f87b0af6dfc5433561025f9ab1
SHA1
ad4bd9e24ea51bc8d58dd38f628b69fb87476a5c
SHA256
b7ee3ada772d88b86d6f285aecbf7b0ab5273522af3766223b06c3163d48991c
SHA512
241e1abbb118053dc67b58fef842b8ad93391537da6f7e146ef27e39a03d693c2fcb749d393162a70cb46874e9c83447a74ded10c16eb4fb274c7a133d84fd95
Static task
static1
Behavioral task
behavioral1
Sample
PROFORMANew PO N. FM 22062021.xlsx
Resource
win7v20210410
Behavioral task
behavioral2
Sample
PROFORMANew PO N. FM 22062021.xlsx
Resource
win10v20210408
Malware Config
Extracted
lokibot
http://63.141.228.141/32.php/S4wFP8QBww9Tp
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
PROFORMANew PO N. FM 22062021.xlsx
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext