General
-
Target
6C36A0686443954B81F75FA2E931CCA5DB4973A62DACE0C5E24561193ED1002E
-
Size
848KB
-
Sample
221123-r1tv2sda3z
-
MD5
2c4a5deaf2031f371d858aab1f25c16e
-
SHA1
f424c1371af1b49b3a2566d03bd0101e8bae4623
-
SHA256
6c36a0686443954b81f75fa2e931cca5db4973a62dace0c5e24561193ed1002e
-
SHA512
c7d960711eecff4ab579277c9d48908d499b20404cbd59b5bc0a559ffe6786137ea44c239580f6f6a1aa092f27ba5ca332b0fddcee725b4110003cdf7d359035
-
SSDEEP
24576:dr5XXXXXXXXXXXXUXXXXXXXrXXXXXXXXYCmUr5XXXXXXXXXXXXUXXXXXXXrXXXXc:5cXUy
Static task
static1
Behavioral task
behavioral1
Sample
6C36A0686443954B81F75FA2E931CCA5DB4973A62DACE0C5E24561193ED1002E.xls
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
6C36A0686443954B81F75FA2E931CCA5DB4973A62DACE0C5E24561193ED1002E.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://sempersim.su/gl12/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
6C36A0686443954B81F75FA2E931CCA5DB4973A62DACE0C5E24561193ED1002E
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-