General
-
Target
RFQ No 02082023.xls
-
Size
1.6MB
-
Sample
230208-w9hatsec96
-
MD5
745a4b7c4e9cd37a507b5d32ff8cd11a
-
SHA1
f07d044b4dbf365bc57a77d12bc826dc31e748c9
-
SHA256
a44e96c70171ffeff132b26969d39022be8f8af214f6fef9bcee644417315220
-
SHA512
5fbb7dbc70a8f79573333462b6d0ba232db698a37c194ef05c357baf5ff5b273fac83f2a3f956ca8809d5df96475177c932a2c838ab1016bb27aa46ac0e33168
-
SSDEEP
24576:ALKsZyIZy5ZyWZy0ZyVZyMZyTZyodc/fEx5HfMazCawDEUdis:ALKepknF81eddkfKHUaTUd
Behavioral task
behavioral1
Sample
RFQ No 02082023.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
RFQ No 02082023.xls
Resource
win10v2004-20220901-en
Malware Config
Extracted
lokibot
http://171.22.30.147/line/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
RFQ No 02082023.xls
-
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-