General
-
Target
09e8530ee34bbf8a56ac3d8e688a5c8d79d28ada9eb9a5253dd57416322011ce.zip
-
Size
17KB
-
Sample
230208-ly8zashf4t
-
MD5
35cbc473a0d817ed91beed86e58a157c
-
SHA1
4a596684896b3dbc53c9255db36fa5b964543201
-
SHA256
ff0d952af3dcf4a5420255e100f1da43ae8b6699da7c3f103d0d1e5cdb8fe6a5
-
SHA512
0464d9d2f9c8acc339c61607286d86ca613f63fb9cb2a86548d2f85dd6b977b140c97a229bad660ac1e2c250c559567fbe83138f5673f0bfc14791ce00b91218
-
SSDEEP
384:NCiDhqJN5XkenKTtWHo2Q6ymrExCjdIPap+vgxTJT/tf8pTa:phqJN5XIhwoJ6bJJpTVWpm
Static task
static1
Behavioral task
behavioral1
Sample
09e8530ee34bbf8a56ac3d8e688a5c8d79d28ada9eb9a5253dd57416322011ce.rtf
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
09e8530ee34bbf8a56ac3d8e688a5c8d79d28ada9eb9a5253dd57416322011ce.rtf
Resource
win10v2004-20221111-en
Malware Config
Extracted
lokibot
http://185.246.220.85/davidhill/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
09e8530ee34bbf8a56ac3d8e688a5c8d79d28ada9eb9a5253dd57416322011ce.doc
-
Size
58KB
-
MD5
99ab551c6192ceb58cea0bac7f4ac455
-
SHA1
856f1b0f87aec5414c0636f07a9d67870b9e4652
-
SHA256
09e8530ee34bbf8a56ac3d8e688a5c8d79d28ada9eb9a5253dd57416322011ce
-
SHA512
ed40173cea14d5914b10677771073559ee9fc5fa180fb74a74e374dfbde408164b055c3b9807cfb9af049972d9d9cff28f3ec862cd72fe588c6478cb1ad74f31
-
SSDEEP
1536:8t3kvJ+fjdgWIHvzT8vm289cG5XcIppYwEB6O14DqNcnfJ+QaBK3z:w3kvJ+Z4rT8vm2lGSgpYwEgO1sqNcnfB
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-