General
-
Target
Orden de compra #PO06709.vbs
-
Size
159KB
-
Sample
221128-nfzzsaab26
-
MD5
65b56626ae18acca0542ed6349fe76ff
-
SHA1
c92e5f8d159a4e1ce412797befdff22bd7225ec4
-
SHA256
52db0eced0eb323a27b9f1c3796c7d042e8384b52107c68309d1d9301274bdcf
-
SHA512
322c7fc69a1f1fac651807af02cf3cfd08a12bbae5cf2626f89d7509ee4cdc1171aca51c55ba3c4829703dc21755a2510f605bc736b96f097b9e9b963d6e9402
-
SSDEEP
3072:oHGRwfkYFEhNe4VTdRnTT8w4TWXZqvcjk:7wfkYFYZqvcw
Static task
static1
Behavioral task
behavioral1
Sample
Orden de compra #PO06709.vbs
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Orden de compra #PO06709.vbs
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://4.204.233.44/dll/NoStartUp.ppam
Extracted
lokibot
http://cantebo.buzz/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Orden de compra #PO06709.vbs
-
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-