General
-
Target
220123-inv-224.docx.doc
-
Size
10KB
-
Sample
230126-jyt42ada64
-
MD5
4d7cd9c316e41723aa0608be0d4cabec
-
SHA1
10ac8d63174c933b7a9fead4944ac970dbead588
-
SHA256
18f5414d33aa5a3c6732944c7568747632f54409ead2b9204329b65dd5fb97d2
-
SHA512
7c388f98217a8beec736fdb607abaee00f7b7b32383d2e02343344d169d7856b71a435842bc73239e8494be201f8062ff428ea70558f09a1acf5398a5502c5b4
-
SSDEEP
192:ScIMmtP8ar5G/bfIdTOPVuSnamWBX8ex6y3KrN:SPXt4ATOPFnosMKZ
Static task
static1
Behavioral task
behavioral1
Sample
220123-inv-224.docx
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
220123-inv-224.docx
Resource
win10v2004-20221111-en
Malware Config
Extracted
http://1234567890OOOOOOOOOOOOOOOOOOOOOOO@3235029125/000000000_OOOOOOO_ooooooo_ooOOOOOOO_OOOOO/OOOOOOOO_OOOOOOO_OOO.doc
Extracted
lokibot
https://sempersim.su/ha1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
220123-inv-224.docx.doc
-
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-