General
Target: swift.xlsx
Size: 1.2MB
Sample: 210722-k482qka5r6
MD5: 79cbe5c736dca5564640e51892f32c1b
SHA1: dca92a17d05be974c19ddea73ced3786d0eebe0f
SHA256: ceef223bf6dc75ffe9eb1af19d6d440b59def1fa06230ca79511eae1c155d37a
SHA512: 09cfc9c650ac39e6f8963ddff58f4307b66ff8134406cbe9d676f4559f10c0aa0859c9d1ffb15d670bcc94dcde3959768f09a3a6fe2de7433bbdf21882226add
Static task: static1
Behavioral task: behavioral1
Sample: swift.xlsx
Resource: win7v20210408
Behavioral task: behavioral2
Sample: swift.xlsx
Resource: win10v20210410
Malware Config
Extracted
lokibot
http://vikinproducts.com/Mrlogs/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: swift.xlsx
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext