General
-
Target
155e4d6d2481e2e2fa2947bbb0cf1a73.bin
-
Size
15KB
-
Sample
230120-qedq9sah26
-
MD5
6246b5d061015e3ac5304511b684b04b
-
SHA1
5c9207ccc0b725183f96a70ba99385bf6e55e749
-
SHA256
5edd994e9db5ecd49caea2db2d0372ab4b6f5acd01ad876a806f33f9a0f491d7
-
SHA512
c78dbdb76f385f515ad227e084abebf7276852997b3f8139ddba491c5cba2c71418d3df235605a2f44b668c465aa56148395d58e65ef6a83649a3338e18005b6
-
SSDEEP
192:d9klNT8RLMc0B5flQktTTiYG22iX5ICeUVJY7twVLrl1eXdH+uiuXLHnPgmf7vPR:dUiLMc4btTe82IsoZkteHYnPh6pA
Static task
static1
Behavioral task
behavioral1
Sample
0f87271f442528f2631a92b0cf0d1f37e145f5cfc0c6c29bb5a6042657f14878.rtf
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
0f87271f442528f2631a92b0cf0d1f37e145f5cfc0c6c29bb5a6042657f14878.rtf
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
Targets
-
Target
0f87271f442528f2631a92b0cf0d1f37e145f5cfc0c6c29bb5a6042657f14878.doc
-
Size
32KB
-
MD5
155e4d6d2481e2e2fa2947bbb0cf1a73
-
SHA1
cc1e9b7f845116548045c17b455b33bcd36229e9
-
SHA256
0f87271f442528f2631a92b0cf0d1f37e145f5cfc0c6c29bb5a6042657f14878
-
SHA512
584c0f4a6d30da70db994aa82cbebadc810f344631d40bde4faaed5ab6ea33240401fd6af25ff6ad1adaef4f51c871b3fa67b61d59915e0e37c8d29a1505f1e4
-
SSDEEP
768:SFx0XaIsnPRIa4fwJMgotSfNTxAXqh9s53M33J:Sf0Xvx3EMgoUfs53MJ
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-