General
Target: USD75,905.00.xlsx
Size: 441KB
Sample: 211029-fqvttahcfq
MD5: c1b49b0ce85aba993644c87d3fda8d44
SHA1: 5dee578419f9041690ed800e346e8414a18d0e4f
SHA256: a7b0a2f566c148c7312277e90895de644bc844276c2b81c6fbf97defd5ba7cf0
SHA512: ff403e31a7d34fe0821b2ace9d8c81cb58d542fa7a6b26dbe86df5212dac85850ba0db32d0e610971df9b7b0ee520473113222f1d754907f4370623909563df1
Static task: static1
Behavioral task: behavioral1 (sample USD75,905.00.xlsx, resource win7-en-20210920)
Behavioral task: behavioral2 (sample USD75,905.00.xlsx, resource win10-en-20211014)
Malware Config
Extracted family: lokibot
C2 URLs recovered from the sample's embedded configuration (attacker-controlled panel gates, all ending in /fre.php; use them as block and hunt indicators, do not browse to them):
http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: USD75,905.00.xlsx
Size: 441KB
MD5: c1b49b0ce85aba993644c87d3fda8d44
SHA1: 5dee578419f9041690ed800e346e8414a18d0e4f
SHA256: a7b0a2f566c148c7312277e90895de644bc844276c2b81c6fbf97defd5ba7cf0
SHA512: ff403e31a7d34fe0821b2ace9d8c81cb58d542fa7a6b26dbe86df5212dac85850ba0db32d0e610971df9b7b0ee520473113222f1d754907f4370623909563df1
Signatures
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
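Added detection example, not part of the sandbox report: the network indicators from the extracted configuration (the five C2 URLs, all using a /fre.php gate) and the User-Agent that the "LokiBot User-Agent (Charon/Inferno)" Suricata alert refers to, checked against proxy log lines. The User-Agent string Mozilla/4.08 (Charon; Inferno) is the one LokiBot sends and the ET rule keys on. The log layout, the sample log lines and the short-.exe heuristic standing in for the "Terse alphanumeric executable downloader" alert are assumptions made for this example, not the ET rule's own pattern.

```python
import re
from urllib.parse import urlparse

# Indicators copied from the report's extracted LokiBot configuration.
LOKIBOT_C2_URLS = [
    "http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
C2_HOSTS = {urlparse(u).hostname for u in LOKIBOT_C2_URLS}

# Hard-coded User-Agent in LokiBot's panel traffic; the Suricata alert
# "ET MALWARE LokiBot User-Agent (Charon/Inferno)" matches on this string.
LOKIBOT_UA = "Mozilla/4.08 (Charon; Inferno)"

# Assumed proxy log layout (constructed for this example, not a real product's format):
#   <timestamp> <client-ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+'
    r'(?P<status>\d{3})\s+"(?P<ua>[^"]*)"$'
)

# Rough stand-in for the "Terse alphanumeric executable downloader" heuristic:
# a GET for a very short alphanumeric .exe name at the root of the site.
# Approximation written for this example, not the ET rule's pcre.
TERSE_EXE_RE = re.compile(r"^/[A-Za-z0-9]{1,4}\.exe$")


def classify(line):
    """Parse one log line and return its fields plus a 'reasons' list of
    matched indicators; None if the line does not parse. An empty
    'reasons' list means nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    parsed = urlparse(fields["url"])
    reasons = []
    if parsed.hostname in C2_HOSTS:
        reasons.append("lokibot-c2-host")
    # Every extracted C2 URL posts to a /fre.php gate, so a POST to that
    # path on an unknown host is still worth a look (weaker indicator).
    if fields["method"] == "POST" and parsed.path.endswith("/fre.php"):
        reasons.append("lokibot-gate-path")
    if fields["ua"] == LOKIBOT_UA:
        reasons.append("lokibot-user-agent")
    if fields["method"] == "GET" and TERSE_EXE_RE.match(parsed.path):
        reasons.append("terse-exe-download")
    fields["host"] = parsed.hostname
    fields["reasons"] = reasons
    return fields


def scan(lines):
    """Yield only the parsed records that hit at least one indicator."""
    for line in lines:
        rec = classify(line)
        if rec and rec["reasons"]:
            yield rec


# Constructed sample log lines for the example: the first two mirror the
# report's C2 URLs and User-Agent, the rest are benign or malformed filler.
SAMPLE_LOG = [
    '2021-10-29T09:15:02Z 10.0.0.17 POST http://kbfvzoboss.bid/alien/fre.php 404 "Mozilla/4.08 (Charon; Inferno)"',
    '2021-10-29T09:15:03Z 10.0.0.17 POST http://alphastand.trade/alien/fre.php 200 "Mozilla/4.08 (Charon; Inferno)"',
    '2021-10-29T09:14:58Z 10.0.0.17 GET http://example.net/a1.exe 200 "Mozilla/5.0"',
    '2021-10-29T09:16:10Z 10.0.0.23 GET https://www.microsoft.com/ 200 "Mozilla/5.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        print(rec["ts"], rec["client"], rec["host"], ",".join(rec["reasons"]))
```

The host match is the strong signal; the gate-path and User-Agent checks catch the same family when the operator has moved to domains not in this sample's configuration, which LokiBot builds do frequently (note the five fallback URLs in the config).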