General
Target
PAYMENT ADVICE.xls
Size
1.2MB
Sample
230130-jt68sshf77
MD5
a1333cf1f72034cb2556139964725339
SHA1
43a9ef1473b29f19f3cbd2f5c4b2350c646f26b3
SHA256
078023d375daed4c5cd65c8518fad6a7780ff8d8750c2008c33e4118850ba894
SHA512
56b52b8357587b338d6f150af8e5467a6623cae0c1118d9c13d2b7c22b03948af74d8f49ecdb6bf14cc575ef505f17af8b4f9942668fe95a3269e98c1c9057c3
SSDEEP
24576:fLKMZyOZy8LKNZyUZyWQ8ToH0ctmnAoNj:fLK+5zLK3LXjTwtmPN
Behavioral task
behavioral1
Sample
PAYMENT ADVICE.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
PAYMENT ADVICE.xls
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://208.67.105.148/fresh2/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
PAYMENT ADVICE.xls
Score
10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext