General

Target: 32c600a3406f52efc6a9abbc5498adbef9feabff7cd3f4a7cc43c01abd748bfc.zip
Size: 10KB
Sample: 230208-ly97csab56
MD5: f1c08c80af969addc19d6056b8671072
SHA1: e2c0639fdbfc7f39702594630bdddb222dd27e89
SHA256: 0e2d54c6e6a2ab4bee69f2b66a95f36a1345cb140e7705e89e67d17096424b55
SHA512: d571bbdade5d51b61501707026b4a9e477fcd74dde538d3645da0466d842bba36ed85260cf36be4382842522f0ca26536a52cdcc07aa4aedcf5b72a92f077e0f
SSDEEP: 192:3cde6o5ch6j7USZHORLQjetSNK2YXm8cfiQInrlsyE2pDuOF3FnjHwYSZ0o6w0pt:MdeQhA7USZH4VINK2YXm8VnraIpDuOFN
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 32c600a3406f52efc6a9abbc5498adbef9feabff7cd3f4a7cc43c01abd748bfc.rtf
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 32c600a3406f52efc6a9abbc5498adbef9feabff7cd3f4a7cc43c01abd748bfc.rtf
  Resource: win10v2004-20220812-en
Malware Config

Extracted family: lokibot
C2 URLs:
- https://sempersim.su/ha1/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
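The five URLs above are the sample's hard-coded check-in endpoints. A practitioner typically wants them as a proxy-log detection rather than as a list to eyeball, so the following is an added example (not part of the sandbox report) that matches web-proxy log lines against them. It normalises each URL to host plus path so that a different scheme, an explicit port or an appended query string still produces a hit, flags any other request to one of the C2 hosts, and, as a lower-confidence heuristic, flags POSTs to a `fre.php` path on unlisted hosts, since that is the conventional LokiBot panel endpoint name. The log line layout (`timestamp client method url status`) and the log lines themselves are constructed for the demonstration and are not from the report.

```python
"""Match proxy log lines against the LokiBot C2 URLs extracted from the sample.

Added example. The C2 list is copied from the sandbox report; the log format and
the sample log lines are constructed for this demonstration.
"""
import re
from urllib.parse import urlsplit

# C2 URLs exactly as extracted from the sample's configuration (from the report).
LOKIBOT_C2 = [
    "https://sempersim.su/ha1/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]


def normalize(url):
    """Reduce a URL to (host, path) so scheme, port and query differences cannot hide a hit."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path or "/"
    return host, path


C2_EXACT = {normalize(u) for u in LOKIBOT_C2}
C2_HOSTS = {host for host, _ in C2_EXACT}

# Constructed proxy log lines: "timestamp client method url status" (assumed layout, not from the report).
SAMPLE_LOG = """\
2023-02-08T10:01:02Z 10.0.0.12 POST http://alphastand.top/alien/fre.php 200
2023-02-08T10:01:03Z 10.0.0.12 GET http://www.example.com/index.html 200
2023-02-08T10:01:09Z 10.0.0.40 POST http://alphastand.win:8080/alien/fre.php?x=1 404
2023-02-08T10:02:15Z 10.0.0.55 POST http://unknown-host.example/panel/fre.php 200
2023-02-08T10:02:20Z 10.0.0.60 GET https://sempersim.su/favicon.ico 404
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})"
)


def classify(url, method):
    """Return a verdict string for one request, or None if it is not suspicious."""
    host, path = normalize(url)
    if (host, path) in C2_EXACT:
        return "c2_exact"          # one of the extracted C2 URLs
    if host in C2_HOSTS:
        return "c2_host"           # other traffic to a known C2 host
    # Heuristic: LokiBot's panel endpoint is conventionally named fre.php and receives POSTs.
    if method == "POST" and path.lower().endswith("/fre.php"):
        return "lokibot_pattern"
    return None


def scan(log_text):
    """Parse each log line and collect (client, verdict, url) for every suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # unparseable line; a real pipeline would count these
        verdict = classify(m["url"], m["method"])
        if verdict:
            hits.append((m["src"], verdict, m["url"]))
    return hits


if __name__ == "__main__":
    for src, verdict, url in scan(SAMPLE_LOG):
        print(f"{src}\t{verdict}\t{url}")
```

Matching on host plus path rather than on the literal string matters here: the third constructed line uses a non-standard port and a query string and would be missed by a plain substring search, yet it still resolves to the `alphastand.win` endpoint from the report. The `lokibot_pattern` verdict is a heuristic and should be triaged, not blocked on outright.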
Targets

Target: 32c600a3406f52efc6a9abbc5498adbef9feabff7cd3f4a7cc43c01abd748bfc.rtf
Size: 15KB
MD5: bf9d5514112336ab60094ad3098bbc25
SHA1: aac0e12682cb89025ca8d458716b1113386e34e8
SHA256: 32c600a3406f52efc6a9abbc5498adbef9feabff7cd3f4a7cc43c01abd748bfc
SHA512: 93585215520e252b180ac2540ed3e04e32c81af7f3c19de3604ced21ef5145f51f135d50c97e32628fc514031c75638aa732505b45e4e64965f389b3b777db37
SSDEEP: 384:9kgu4sc1GPBpdcM0iEO1YDp1LeGMSelurq5gEAFT8:OksoGPBpdc1FpTMdurq5gEYT8
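The report carries two hash sets: one for the submitted .zip container (General, above) and one for the .rtf it holds (this Targets entry). When hunting for this sample on a file share or mail gateway, both need checking, because the archive and the document it carries are different artefacts. The following is an added example (not part of the sandbox report) that computes MD5, SHA1, SHA256 and SHA512 of an archive and of every member in one pass each, and looks the SHA256 up in a table copied from the report. The archive it inspects is constructed in memory with a placeholder RTF, so it will not match the report's hashes; the `MAX_MEMBER` size cap is an assumed guard against decompression bombs and is not derived from the report. SSDEEP is omitted because the standard library has no fuzzy-hash implementation.

```python
"""Hash an archive and its members, and compare them with the report's IOC table.

Added example. The hash values in KNOWN_BAD are copied from the sandbox report; the
archive built by build_demo_archive() is a constructed placeholder and will not match.
"""
import hashlib
import io
import zipfile

# Container (.zip) and dropped document (.rtf) from the report, keyed by SHA256.
KNOWN_BAD = {
    "0e2d54c6e6a2ab4bee69f2b66a95f36a1345cb140e7705e89e67d17096424b55": {
        "name": "32c600a3406f52efc6a9abbc5498adbef9feabff7cd3f4a7cc43c01abd748bfc.zip",
        "md5": "f1c08c80af969addc19d6056b8671072",
        "sha1": "e2c0639fdbfc7f39702594630bdddb222dd27e89",
    },
    "32c600a3406f52efc6a9abbc5498adbef9feabff7cd3f4a7cc43c01abd748bfc": {
        "name": "32c600a3406f52efc6a9abbc5498adbef9feabff7cd3f4a7cc43c01abd748bfc.rtf",
        "md5": "bf9d5514112336ab60094ad3098bbc25",
        "sha1": "aac0e12682cb89025ca8d458716b1113386e34e8",
    },
}

MAX_MEMBER = 50 * 1024 * 1024   # assumed cap per member, guards against decompression bombs


def digests(data):
    """MD5, SHA1, SHA256 and SHA512 hex digests of a byte string."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    for h in hashes.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashes.items()}


def lookup(data):
    """Return (digests, matching IOC record or None) for a blob."""
    d = digests(data)
    return d, KNOWN_BAD.get(d["sha256"])


def inspect_archive(blob, max_member=MAX_MEMBER):
    """Hash the container and each member; skip members that exceed the size cap.

    Returns a list of (label, digests_or_None, ioc_record_or_status) tuples.
    The cap is enforced on the bytes actually decompressed, not on the header's
    declared size, which a hostile archive can understate.
    """
    results = [("<container>", *lookup(blob))]
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                data = fh.read(max_member + 1)
            if len(data) > max_member:
                results.append((info.filename, None, "skipped: exceeds size cap"))
                continue
            results.append((info.filename, *lookup(data)))
    return results


def build_demo_archive():
    """Constructed stand-in for the submitted sample: a zip holding a harmless placeholder RTF."""
    rtf = b"{\\rtf1\\ansi Constructed placeholder document, not the analysed sample.}"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("placeholder.rtf", rtf)
    return buf.getvalue()


if __name__ == "__main__":
    for label, d, hit in inspect_archive(build_demo_archive()):
        if d is None:
            print(f"{label}: {hit}")
        else:
            verdict = f"MATCH {hit['name']}" if hit else "no match"
            print(f"{label}: sha256={d['sha256']} {verdict}")
```

Keying the table on SHA256 and carrying MD5/SHA1 alongside lets the same record be used against systems that only log the weaker hashes; the weaker hashes are retained for correlation, not as the primary match criterion.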
Score: 10/10

Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext