General
-
Target
1b91a9d902d2d5c7f9c094955a1537f4.rtf
-
Size
21KB
-
Sample
230328-lz3hxaca7w
-
MD5
1b91a9d902d2d5c7f9c094955a1537f4
-
SHA1
5be78c40823d48f69824fc1f86e77abf8660e766
-
SHA256
eae28676b3f41e57ff75b2c209f76904e1e82bc2007093dde99df753d7e4fc52
-
SHA512
825248d3eb1aea7ebfb329c0bc88fee6a277218e265d0ae2df5420e13503a8684bbe9c95130778b49bacf0bcb8d8281d65796a09bedaa10935b80dd25310c436
-
SSDEEP
384:j6fRQYsrVKf2u2w03U6IuSQJEKr8iJFYPVnGivEGxRSmSVgwONK8d9b5B+vHDtwV:j+QQ2w0FIuSQJEKgiJFYEivPRSmSVtRa
Static task
static1
Behavioral task
behavioral1
Sample
1b91a9d902d2d5c7f9c094955a1537f4.rtf
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1b91a9d902d2d5c7f9c094955a1537f4.rtf
Resource
win10v2004-20230220-en
Malware Config
Extracted
lokibot
https://sempersim.su/ha25/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
1b91a9d902d2d5c7f9c094955a1537f4.rtf
-
Size
21KB
-
MD5
1b91a9d902d2d5c7f9c094955a1537f4
-
SHA1
5be78c40823d48f69824fc1f86e77abf8660e766
-
SHA256
eae28676b3f41e57ff75b2c209f76904e1e82bc2007093dde99df753d7e4fc52
-
SHA512
825248d3eb1aea7ebfb329c0bc88fee6a277218e265d0ae2df5420e13503a8684bbe9c95130778b49bacf0bcb8d8281d65796a09bedaa10935b80dd25310c436
-
SSDEEP
384:j6fRQYsrVKf2u2w03U6IuSQJEKr8iJFYPVnGivEGxRSmSVgwONK8d9b5B+vHDtwV:j+QQ2w0FIuSQJEKgiJFYEivPRSmSVtRa
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-