General
-
Target
A230F0A094F4F90C0353688E60A8705B4396970DE6FE34C9C62C077003529DC7
-
Size
393KB
-
Sample
221123-r2taxadb5s
-
MD5
9433034c2cfa6b182409561cc01173fe
-
SHA1
9026d31a8fbffb73ee642cf42479a71e982eb4bc
-
SHA256
a230f0a094f4f90c0353688e60a8705b4396970de6fe34c9c62c077003529dc7
-
SHA512
7e841ba908930f92d317243a6e710b4baf823bacc0dbfe4ecfb06a6a7a9a5dba2ce569e4eba71dafef985e75bba1bdea299607a835ccb24dc736107407915cd0
-
SSDEEP
12288:OdNqrDx7XXXXXXXXXXXXUXXXXXXXrXXXXXXXXEmYjTm7TmD9JIxWZaTtg/g6Rm:tr5XXXXXXXXXXXXUXXXXXXXrXXXXXXX2
Static task
static1
Behavioral task
behavioral1
Sample
A230F0A094F4F90C0353688E60A8705B4396970DE6FE34C9C62C077003529DC7.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
A230F0A094F4F90C0353688E60A8705B4396970DE6FE34C9C62C077003529DC7.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://sempersim.su/gk22/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
A230F0A094F4F90C0353688E60A8705B4396970DE6FE34C9C62C077003529DC7
-
Size
393KB
-
MD5
9433034c2cfa6b182409561cc01173fe
-
SHA1
9026d31a8fbffb73ee642cf42479a71e982eb4bc
-
SHA256
a230f0a094f4f90c0353688e60a8705b4396970de6fe34c9c62c077003529dc7
-
SHA512
7e841ba908930f92d317243a6e710b4baf823bacc0dbfe4ecfb06a6a7a9a5dba2ce569e4eba71dafef985e75bba1bdea299607a835ccb24dc736107407915cd0
-
SSDEEP
12288:OdNqrDx7XXXXXXXXXXXXUXXXXXXXrXXXXXXXXEmYjTm7TmD9JIxWZaTtg/g6Rm:tr5XXXXXXXXXXXXUXXXXXXXrXXXXXXX2
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-