General
Target: bf9d5514112336ab60094ad3098bbc25.rtf
Size: 15KB
Sample: 230208-asb7lagd49
MD5: bf9d5514112336ab60094ad3098bbc25
SHA1: aac0e12682cb89025ca8d458716b1113386e34e8
SHA256: 32c600a3406f52efc6a9abbc5498adbef9feabff7cd3f4a7cc43c01abd748bfc
SHA512: 93585215520e252b180ac2540ed3e04e32c81af7f3c19de3604ced21ef5145f51f135d50c97e32628fc514031c75638aa732505b45e4e64965f389b3b777db37
SSDEEP: 384:9kgu4sc1GPBpdcM0iEO1YDp1LeGMSelurq5gEAFT8:OksoGPBpdc1FpTMdurq5gEYT8
Static task: static1
Behavioral task: behavioral1
Sample: bf9d5514112336ab60094ad3098bbc25.rtf
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: bf9d5514112336ab60094ad3098bbc25.rtf
Resource: win10v2004-20221111-en
Malware Config
Extracted
lokibot
https://sempersim.su/ha1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: bf9d5514112336ab60094ad3098bbc25.rtf
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext