General
-
Target
INVOICE OVERDUE.xls
-
Size
1.3MB
-
Sample
230130-nzl72abh2v
-
MD5
e10d662886606cced589afabf28a89fb
-
SHA1
194997b3d91442f682de1c25f0fc6860641d2b7f
-
SHA256
efaf0bdcc951c074d8d1e68522c8e4265fb1f9db4780791514c69f31a846abea
-
SHA512
0e3d68b03ecbe8224b72c4456fb0c3f68ce9190fd0cb85879bd82eaad2df9c31bcb8c91517e194a84450c49adcce674dd8e8c684bc77abcfcb0b51b6819b1744
-
SSDEEP
24576:FLKMZyOZy8LKNZyuZyyQ8ToA0cmmnAoN0Ym:FLK+5zLK3B7jT3mmPN
Behavioral task
behavioral1
Sample
INVOICE OVERDUE.xls
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
INVOICE OVERDUE.xls
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://208.67.105.148/zang/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-