General
-
Target
MV SYROS ISLAND.xlsx
-
Size
441KB
-
Sample
211029-kke9dshfhp
-
MD5
bcaf06dc176c435ff3e569e9f296f8d5
-
SHA1
9d18f3b980dabe7aa1ea50313b18a9bf19551616
-
SHA256
4541687d828cff421786a7293db48eb834902b486438f581f60ca1df041b873b
-
SHA512
4b6c31bc7ea001a9c4fe197272e8ade680b10fdde067a18cf9007a8732e32c97d4b1cf17a29921517cf97c5b3c397f8ac88b24866e8b72432099d4c027981e21
Static task
static1
Behavioral task
behavioral1
Sample
MV SYROS ISLAND.xlsx
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
MV SYROS ISLAND.xlsx
Resource
win10-en-20211014
Malware Config
Extracted
lokibot
http://secure01-redirect.net/ga20/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
MV SYROS ISLAND.xlsx
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-