General
Target: 0091.xlsx
Size: 440KB
Sample: 211027-l9ngqsacdn
MD5: 5bd2669f2d54923e260039b16a99e1d5
SHA1: 85b623744ba33a3c925da2c97b33addfbe19c9fd
SHA256: 1e8a6b760390040c5a1ae9cf9e0d693462ee821efc4c78bef9e909431e60874c
SHA512: e292dfe847fd595fca66ab868fee33db7408e7dd2c250655e66acd14708bb7d7ffae70bbd3abb2231556c78ffad3f145bc8a9669fc9f1d82f218767d374c1383
Static task: static1
Behavioral task: behavioral1 (sample: 0091.xlsx, resource: win7-en-20211014)
Behavioral task: behavioral2 (sample: 0091.xlsx, resource: win10-en-20210920)
Malware Config
Extracted family: lokibot
C2 URLs:
http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 0091.xlsx (440KB; same MD5/SHA1/SHA256/SHA512 as listed under General)
Signatures:
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext