General
-
Target
PD3007800123.vbs
-
Size
219KB
-
Sample
221003-mee3jshdgm
-
MD5
d873de1b3b907887305e325426c407d5
-
SHA1
99c502d13b119a1b614f7384a3ba83fab10cd85d
-
SHA256
eedb863078dbdbd83a0d52d86dd779f27115360e17676e539602f4e1a8c9437c
-
SHA512
c4577d024fbbd2ea7b143d9780c7ca9f813f914c7d820151acfcc5ba7a92ebea832537a9847b5a7d203df6f00186be6d9bc5a26e515c705badeee985def3ffa1
-
SSDEEP
48:DVK0hbQvuivLvyvTxYvsvuiv7vu2vJR2vFvvvfv1KvFvDv2UfHvrvUvgYvc2vGgR:xKWdUIlVcWHfvGvXimF
Static task
static1
Behavioral task
behavioral1
Sample
PD3007800123.vbs
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
PD3007800123.vbs
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://20.7.14.99/dll/dll_ink.pdf
Extracted
lokibot
http://iklok.us/li/UN/yours_me.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
PD3007800123.vbs
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-