General
-
Target
Bill Of Lading.xlsx
-
Size
228KB
-
Sample
211207-nna1maghgn
-
MD5
daa0655651ec1c5e9ee0edafdfda77e4
-
SHA1
50a80e89561062e455360fe9370bef41950f037a
-
SHA256
f09b7be17b300230181650fd4ca21dea1c6949c794f8ffb132de526f70f8d58d
-
SHA512
cb7c2641e8b738584bd2c9e61b8489621b5d29951ac1840c21f522be1f048091cab5b68b9c865c5911f6c25f76848380744370682e7d4a5a199067f956756cd4
Static task
static1
Behavioral task
behavioral1
Sample
Bill Of Lading.xlsx
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
Bill Of Lading.xlsx
Resource
win10-en-20211104
Malware Config
Extracted
lokibot
http://63.250.34.171/tickets.php?id=542
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Bill Of Lading.xlsx
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-