General
-
Target
DHL 7214306201.xls
-
Size
1.2MB
-
Sample
230130-nzl72abh2w
-
MD5
b617a312bf6377f84c5bb996602ad326
-
SHA1
e73a2817b786dd73873232e1c5d87d48053b04bd
-
SHA256
b68dd5b95d999bbbe68fe4a254a5cfa07c56facddc3641a366ad24488a6a7801
-
SHA512
e515fd7347308244c26ae4bead853cfc3e64b0682f326c923a7359dfd7a0e48490fd68b0341cb55da98030f6e16a0712e9eebb53e35ca7ddb1902a0822064ff4
-
SSDEEP
24576:GLKMZyOZy8LKNZyeZyMQ8ToW0cwmnAoNa:GLK+5zLK3hNjTVwmPN
Behavioral task
behavioral1
Sample
DHL 7214306201.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
DHL 7214306201.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
lokibot
http://171.22.30.147/line/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
DHL 7214306201.xls
-
Size
1.2MB
-
MD5
b617a312bf6377f84c5bb996602ad326
-
SHA1
e73a2817b786dd73873232e1c5d87d48053b04bd
-
SHA256
b68dd5b95d999bbbe68fe4a254a5cfa07c56facddc3641a366ad24488a6a7801
-
SHA512
e515fd7347308244c26ae4bead853cfc3e64b0682f326c923a7359dfd7a0e48490fd68b0341cb55da98030f6e16a0712e9eebb53e35ca7ddb1902a0822064ff4
-
SSDEEP
24576:GLKMZyOZy8LKNZyeZyMQ8ToW0cwmnAoNa:GLK+5zLK3hNjTVwmPN
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-