General
Target: MV OCEAN EXPLORER.xlsx
Size: 229KB
Sample: 211203-ltcejagack
MD5: 3d83748b0ad16eb20da1f6a11cbfeb93
SHA1: 5810148c5d1827fca5a1b69620e3d6141bfd307d
SHA256: 0ab40fb35d7ecd43fc0a8dbea6973d9156efbf79a56838460bb4d0d5b81407c2
SHA512: 6399cb7dcb5d2a4d7e2bf3fc4a4c9e1c16dc33546316bdaaddc21364a4e5790b359540b996d4750e2bb8d350cb2ac8ec09cd87b6bce497f95862bcf962201f58
Static task: static1
Behavioral task: behavioral1
Sample: MV OCEAN EXPLORER.xlsx
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: MV OCEAN EXPLORER.xlsx
Resource: win10-en-20211104
Malware Config
Extracted
lokibot
http://secure01-redirect.net/gb7/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
MV OCEAN EXPLORER.xlsx
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles