General
Target: MT103 101T000000018.xlsx
Size: 1.2MB
Sample: 210727-s9vqd11ra2
MD5: 7c13958c9636c3b2542a71d3eacf93b9
SHA1: 61bab72e6b532ef51cfd36e7836c97b992e62fce
SHA256: 0f77e014b10cc25d53aeb14e1eff9271f9b7f16aca4c196fc082dd3207191b28
SHA512: 18f7820c0bde66589a0982ca3f570e6d56666215d32053a61cd8f42d2d13c145ac12b875937d4d2cbd07abe2a1d9514c9064a60c5d52d533b0ea461c25168ea8
Static task: static1
Behavioral task: behavioral1
Sample: MT103 101T000000018.xlsx
Resource: win7v20210410
Behavioral task: behavioral2
Sample: MT103 101T000000018.xlsx
Resource: win10v20210410
Malware Config
Extracted
lokibot
http://asiatrans.cf/BN1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: MT103 101T000000018.xlsx
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext