General
-
Target
SecuriteInfo.com.Exploit.CVE-2018-0798.4.21647.29852.rtf
-
Size
13KB
-
Sample
221004-t64csabee8
-
MD5
5f4e78396958c7e9add7060c17cd448d
-
SHA1
fbfdb89444e4bcec86d7599bf7c85c7f07f0bfc9
-
SHA256
2a871ffb84aa66cd0d0a2d030e979f35d0bc1f96fcb60248839dd9a488edd109
-
SHA512
95d275746255be6fb84065c0ed1c752850c3f41f95b21c69c74d707a752f7aa31eaf31004c3b3aa904c91be104a5208bd8f53423091c881070beaa09aa739197
-
SSDEEP
384:PylcKUzrrsbOTI+2tNttybiYZeDzD97aC6bShBuiFM:PyidzEk2ibPaD97R6yK
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.CVE-2018-0798.4.21647.29852.rtf
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.CVE-2018-0798.4.21647.29852.rtf
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://208.67.105.161/donstan/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
SecuriteInfo.com.Exploit.CVE-2018-0798.4.21647.29852.rtf
-
Size
13KB
-
MD5
5f4e78396958c7e9add7060c17cd448d
-
SHA1
fbfdb89444e4bcec86d7599bf7c85c7f07f0bfc9
-
SHA256
2a871ffb84aa66cd0d0a2d030e979f35d0bc1f96fcb60248839dd9a488edd109
-
SHA512
95d275746255be6fb84065c0ed1c752850c3f41f95b21c69c74d707a752f7aa31eaf31004c3b3aa904c91be104a5208bd8f53423091c881070beaa09aa739197
-
SSDEEP
384:PylcKUzrrsbOTI+2tNttybiYZeDzD97aC6bShBuiFM:PyidzEk2ibPaD97R6yK
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-