General
-
Target
New Order.doc
-
Size
42KB
-
Sample
230123-xe7snseg35
-
MD5
8ad8c615dab288132971594224aa8f4e
-
SHA1
dbd94f5775c44c674c2470e39e39bd60386b9740
-
SHA256
0edd773875311776998229b0609be9f287c37ca828b35f74c6c2f0cbdd99449f
-
SHA512
dfa228af6fecc10c8097dbb86ed6c05dff9cde4881b2e34387ed09e9ebad140ddcc96065cf41e05a2acfdac3efad07c7c064346aa00f5f45632d904fb5f6c9d3
-
SSDEEP
768:aFx0XaIsnPRIa4fwJM2Fx0XaIsnPRIa4fwJMTUjOlan0Sp3jfsFDs:af0Xvx3EM2f0Xvx3EMYjJVfsi
Static task
static1
Behavioral task
behavioral1
Sample
New Order.rtf
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
New Order.rtf
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://171.22.30.147/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
New Order.doc
-
Size
42KB
-
MD5
8ad8c615dab288132971594224aa8f4e
-
SHA1
dbd94f5775c44c674c2470e39e39bd60386b9740
-
SHA256
0edd773875311776998229b0609be9f287c37ca828b35f74c6c2f0cbdd99449f
-
SHA512
dfa228af6fecc10c8097dbb86ed6c05dff9cde4881b2e34387ed09e9ebad140ddcc96065cf41e05a2acfdac3efad07c7c064346aa00f5f45632d904fb5f6c9d3
-
SSDEEP
768:aFx0XaIsnPRIa4fwJM2Fx0XaIsnPRIa4fwJMTUjOlan0Sp3jfsFDs:af0Xvx3EM2f0Xvx3EMYjJVfsi
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-