General
Target: QUOTATION_23456.xls
Size: 1.3MB
Sample: 230328-g141xabb21
MD5: 052e3ec118dfda0df463bd85853a8210
SHA1: c4b98bb4138b57b0c6e004bf2ce32a432b5a5bf3
SHA256: 11c087d89a15a3d35b352967d16c19f816de81f9f7a8b62426526564b3cbcd22
SHA512: 7fe2af2f0ff6551e035a10086185da08d90e99d91fff18b20b047202755e6f528b7b30a363474139faf8b89913eec88bf99276f153af22f89a098c5da1d9ed7c
SSDEEP: 24576:rLKcSSMMednE3akAmmjmCakAmmjmt+MXURakAmmjmL+MXUGvmS2222222222222B:rLKQM8aaoxaaoa+MXyaaoQ+MXsP/S
Static task: static1
Behavioral task: behavioral1
Sample: QUOTATION_23456.xls
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: QUOTATION_23456.xls
Resource: win10v2004-20230221-en
Malware Config
Extracted
lokibot
http://171.22.30.164/kung/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: QUOTATION_23456.xls
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext