General
-
Target
payment receipt.xls
-
Size
1.1MB
-
Sample
230123-xe8pzaeg36
-
MD5
53a4e7a639e3bf137e774f213999bfd9
-
SHA1
2dea7560d48680d0cdbd5ec281a10d0daaf73e72
-
SHA256
6d60dd648580a7f4c65e6b7e695b1599aa696479fbe04867c78399f0ebf1feda
-
SHA512
5f9adf281c805549d542baf5bbd10bb992417e3f9a4f8e0743c2da93a819c21c556de1f3fdbaf7fcef348e670b60ab1f30b605904938b2ae3c1d672fb2450372
-
SSDEEP
24576:9Wm7+m7bZXXXXXXXXXXXXUXXXXXXXXXXXXXXrX5:
Behavioral task
behavioral1
Sample
payment receipt.xls
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
payment receipt.xls
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
https://sempersim.su/ha1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-