General
-
Target
MV WORLD SPIRIT.docx
-
Size
10KB
-
Sample
210728-nzlx6m8nmj
-
MD5
283a754d78b60260fc77d34930fc760d
-
SHA1
fdd2639c80e8189a3ae7556237d8ef969754018c
-
SHA256
b2eb095f777a797a631364371c0c76ea658b1a5fe10ceab8190dd8efea24bac8
-
SHA512
e84b3ddbd160070959e2aa2d089d377af23242632e6422897490eaff030f8a7578468c410854989edf3b1f14527129288604d2cbcb806c7812f4d66c8f4e5e07
Static task
static1
Behavioral task
behavioral1
Sample
MV WORLD SPIRIT.docx
Resource
win7v20210410
Behavioral task
behavioral2
Sample
MV WORLD SPIRIT.docx
Resource
win10v20210410
Malware Config
Extracted
https://upurl.me/t6qc0
Extracted
lokibot
http://manvim.co/fd11/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
MV WORLD SPIRIT.docx
-
Size
10KB
-
MD5
283a754d78b60260fc77d34930fc760d
-
SHA1
fdd2639c80e8189a3ae7556237d8ef969754018c
-
SHA256
b2eb095f777a797a631364371c0c76ea658b1a5fe10ceab8190dd8efea24bac8
-
SHA512
e84b3ddbd160070959e2aa2d089d377af23242632e6422897490eaff030f8a7578468c410854989edf3b1f14527129288604d2cbcb806c7812f4d66c8f4e5e07
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-