General
-
Target
P.O #306078910.xls
-
Size
1.2MB
-
Sample
230130-nxwcxsbg9x
-
MD5
890afc70ec7cae0f37bf4c76ee9159a3
-
SHA1
b3d0a77786bfc53d8feb3fdd7d1522c489d5a442
-
SHA256
c6f3fefc6331b5ff0eb910aea106eed3eda8dd01e0137333637b6297e7182923
-
SHA512
da2fcd0baa9c9a59cedd7ce2eaef7ffc22a6dfe647c0178f4d33bf7aa383b67193ffcb5f20fb7cbc859a75a19b7e7cb64a33ad1b22b0de2204a087a7b34fa3c1
-
SSDEEP
24576:7LKMZyOZy8LKNZyUZypQ8ToH0ctmnAoNj:7LK+5zLK3LYjTwtmPN
Behavioral task
behavioral1
Sample
P.O #306078910.xls
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
P.O #306078910.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://208.67.105.148/china/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
P.O #306078910.xls
-
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-