General
-
Target
DH0238999742.vbs
-
Size
437KB
-
Sample
221004-j229taacd8
-
MD5
a28574570548d916d36ddfa0ab962548
-
SHA1
6b0da48289ca73aa1732d211544665ca5dcf6a25
-
SHA256
8b54fd4b6fd11853474de7367c7bde98e5472d20c8a04dbd2727f3884734f8ef
-
SHA512
a26bb1cb28ea4c68f9f7a7d96094b41c5dc56ce67ea4abe1ce26857c005c4e0f35a72494e458e4cf4a2aae53910e4b89d20bcf4f09116deef26fa64144930488
-
SSDEEP
48:kklC0eHz7/m7rJv4PsfbuUbNbbldQbWUSS/Pe20NrFR4PLEvvldI:nl+/mrOeqUZldQbAMPKNrY4vvldI
Static task
static1
Behavioral task
behavioral1
Sample
DH0238999742.vbs
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
DH0238999742.vbs
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://20.7.14.99/dll/dll_ink.pdf
Extracted
lokibot
http://iklok.us/li/UN/cocacola.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
DH0238999742.vbs
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-