General
Target: MVSEACON KOBE.xlsx
Size: 349KB
Sample: 211029-jzeqqshfdj
MD5: fc7daf6ca0e28139a632fd9c7dcd3fe1
SHA1: 49b48b54c2bc7570db20c27890a2726cc55c90f5
SHA256: 86104b114c8a2df3ff733fc9729d3c27953318807281735c21033705789d5a7b
SHA512: b7fba001505e4855b65b82512cd1c573e645aa1a81180ef31f24f4fa4c74256f19bddb0ce54477b772dedfd57a7afe6e83e9235240bac7af6dd7a90d978f6492
Static task: static1
Behavioral task: behavioral1
Sample: MVSEACON KOBE.xlsx
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: MVSEACON KOBE.xlsx
Resource: win10-en-20210920
Malware Config
Extracted
lokibot
http://secure01-redirect.net/ga18/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: MVSEACON KOBE.xlsx
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext