General
Target: Request for Quotations.xlsx
Size: 224KB
Sample: 221004-jsn1tsacc4
MD5: 1ecd5677bdbe462913c9f86083691a68
SHA1: e415a9e760777635000b0fff2fccdc606f3eea1d
SHA256: 4eb2e88f3fff8c16d572b663f0a308d1d988860279b4f4120e67b7c2e5c3ebb4
SHA512: 333636fc4eaa9721079b0579de4c920ad44fe02df9468d397d5bc8064e0249388f29efa4369f405947c817e929a5a179cc709ee785facd64b1a164ffd344844d
SSDEEP: 6144:+ojGA57x8tQFb7mepx2qMPojnE617Mfpx3oH:nd8Wl5jR6AzZKf4
Static task: static1
Behavioral task: behavioral1
Sample: Request for Quotations.xlsx
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: Request for Quotations.xlsx
Resource: win10v2004-20220901-en
Malware Config
Extracted
lokibot
http://162.0.223.13/?OpqycIYJoIxPvNI7mSRvpEdWbvlzd7L2wbAJUztih08MOR
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Request for Quotations.xlsx
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Drops file in System32 directory
Suspicious use of SetThreadContext