General
Target
SOA #00776122.docx
Size
11KB
Sample
230220-czk47agg9x
MD5
92c58afe23acd76e5f0ab0c8f0f0394e
SHA1
319c1720352e2924c6630428b691ef8706731530
SHA256
82f786b26b47b6e60bed7d7aacf0dc221c6ad426554fec30fab21d59549e949c
SHA512
0b329608717007c410df29cf83d8b56f382e419499e8304ae5a91f5fc465a8399d932562f5e2d98fb863e78a3b20b4dda74e51665944823add61c5f2bcb8fb27
SSDEEP
192:CtNCWUyn0i13pNXqkOcPiYFLwzvdX6Ptpwjnw+umHBC0nVj:aNxUyn0i13LROEiOLkX6Ujnw+35Vj
Static task
static1
Behavioral task
behavioral1
Sample
SOA #00776122.docx
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SOA #00776122.docx
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://WEEEERRRRRRRRRRRPPPOOOOSSSSSSSOOOOOPPWEEEEEEEOOOOOOOCCVVVVVVVVOVVVVVVVVVVVVVVVVOOOOOO@3235029245/O__O.DOC
Extracted
lokibot
http://208.67.105.148/sung/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
SOA #00776122.docx
Score
10/10
Blocklisted process makes network request
Downloads MZ/PE file
Abuses OpenXML format to download file from external location
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext