General

Target: lod2.xlsx
Size: 332KB
Sample: 211014-gvq7vsgbfk
MD5: c3eeffbbfc4bb5fc7828b4950fd1b0d0
SHA1: 811fd062284173b6ae17a99d8e1eb8503408262a
SHA256: 8db5e29cf863c693798285ce16a4d0bb918583523532d1e79d950c28352f6fe2
SHA512: d3f238c21ee95bb1b6caf7ca4252f52e5dc0bdf04bce8ba7688e039dd07fb6afbbd84a6394d1d5b9bf7aad08fb8fd8acab2f444f4f787553d77afbc7f59db717
Static task: static1

Behavioral task: behavioral1
Sample: lod2.xlsx
Resource: win7-en-20210920

Behavioral task: behavioral2
Sample: lod2.xlsx
Resource: win10v20210408
Malware Config

Extracted family: lokibot
C2 URLs:
- http://136.243.159.53/~element/page.php?id=501
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets

Target: lod2.xlsx
Size: 332KB
MD5: c3eeffbbfc4bb5fc7828b4950fd1b0d0
SHA1: 811fd062284173b6ae17a99d8e1eb8503408262a
SHA256: 8db5e29cf863c693798285ce16a4d0bb918583523532d1e79d950c28352f6fe2
SHA512: d3f238c21ee95bb1b6caf7ca4252f52e5dc0bdf04bce8ba7688e039dd07fb6afbbd84a6394d1d5b9bf7aad08fb8fd8acab2f444f4f787553d77afbc7f59db717
Signatures

- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext