General
Target: 8873686332.zip
Size: 12KB
Sample: 230126-t3y9naed62
MD5: d704e3230be58ebd92db0ee2f032f693
SHA1: b183c4191088aa9f056a5b91550121fda7a82568
SHA256: def4491637f82805f8bd62c5ac098b334b87c0fd920c3cbc934a37217504e91d
SHA512: 7b1ad0f4adf73c26ff2a4e862490a58ed1ba508a5982115bb942818afaf4065fcb0de944004f10d59e11e049a91f32a02d945d57a9a42d6489281dbc6f7f1a4b
SSDEEP: 384:oikZiZ2RKFxCnezbh/5DXhZ7mNdRJbaRZOmcL:opw2RYjfLIdRJ8tcL
Static task: static1
Behavioral task: behavioral1
Sample: 4e1c9dafeb733168680cfb000a4bf023e0851b1ee250dcf66677ff92cfa7387d.rtf
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 4e1c9dafeb733168680cfb000a4bf023e0851b1ee250dcf66677ff92cfa7387d.rtf
Resource: win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://171.22.30.147/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 4e1c9dafeb733168680cfb000a4bf023e0851b1ee250dcf66677ff92cfa7387d
Size: 23KB
MD5: f84ce914a6c913fd32119823d456b5d2
SHA1: 9d9c7ae03fb2ae3c1bd86077008e95a982a0471a
SHA256: 4e1c9dafeb733168680cfb000a4bf023e0851b1ee250dcf66677ff92cfa7387d
SHA512: 93eddabf951fca0a3945611fc8380743cb13a4256804b976d46d551e48cbf7ef7ef728fa6f9f759be3e993ea72282442ab05da91a603ee626083c63a2fd1ad70
SSDEEP: 384:KQMmdOFNYY0aaaIswqPeOrka1+fHQJ+t3rQkRhZ4y4hPTORhvw5MZKlNTd:GFx0XaIsnPRIa4fwJMfu6RhwuW5
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext