General
Target: MV LILY SEA.xlsx
Size: 229KB
Sample: 211125-vgv6jsfhcq
MD5: c5bae9f78dca220b86d7388b54a7d4c8
SHA1: 2c32725996bfae991b564967deab362b65a4316c
SHA256: 1c1deca91e28d12a059ff69ecf32b3ce37645423b14a866456c724b08c3deaa6
SHA512: fa1aa6118eb12609e4b015e28b626385546a841d8d9b3d83f0b2a3c6e25dbe851e02cde2378eb707650035c100f18d45e6321e3b6f9839387cdafc341e24bd81
Static task: static1
Behavioral task: behavioral1
Sample: MV LILY SEA.xlsx
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: MV LILY SEA.xlsx
Resource: win10-en-20211014
Malware Config
Extracted
lokibot
http://secure01-redirect.net/gb7/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-