General
-
Target
65b56626ae18acca0542ed6349fe76ff.vbs
-
Size
159KB
-
Sample
221129-pxxfnada2x
-
MD5
5bc0dbb1d4f2c3ee0aaad47f123f95bb
-
SHA1
5aaf4ad4a1e1a4fa206b0034b5653e09c4715071
-
SHA256
792266a30b07db531fd65d979c4f91a271207eb2f3ffdee26f452ceba9af5349
-
SHA512
cd8e2c2b0a4e1631a30dfd6be8dc22da411704da116bbcafe68caaa3efefd6c2062f53e0b39bea81c50e473493868af3f1594cc21f25417bac202bf149e8d0ae
-
SSDEEP
3072:oHGRwfkYFEhNe4VTdRnTT8w4TWXZqvcjk:7wfkYFYZqvcw
Static task
static1
Behavioral task
behavioral1
Sample
65b56626ae18acca0542ed6349fe76ff.vbs
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
65b56626ae18acca0542ed6349fe76ff.vbs
Resource
win10v2004-20220901-en
Malware Config
Extracted
http://4.204.233.44/dll/NoStartUp.ppam
Extracted
lokibot
http://cantebo.buzz/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
65b56626ae18acca0542ed6349fe76ff.vbs
-
Size
159KB
-
MD5
5bc0dbb1d4f2c3ee0aaad47f123f95bb
-
SHA1
5aaf4ad4a1e1a4fa206b0034b5653e09c4715071
-
SHA256
792266a30b07db531fd65d979c4f91a271207eb2f3ffdee26f452ceba9af5349
-
SHA512
cd8e2c2b0a4e1631a30dfd6be8dc22da411704da116bbcafe68caaa3efefd6c2062f53e0b39bea81c50e473493868af3f1594cc21f25417bac202bf149e8d0ae
-
SSDEEP
3072:oHGRwfkYFEhNe4VTdRnTT8w4TWXZqvcjk:7wfkYFYZqvcw
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-