General
Target: 20e82801d2b5b859faab91680dbcb903.rtf
Size: 14KB
Sample: 230328-lzg7zaac85
MD5: 20e82801d2b5b859faab91680dbcb903
SHA1: 2d4582423a92e30747cc1a1b82bec6918ce97622
SHA256: cd14dbd23e95a17e028844bca91c696767a5b3aabda1dee33ca27d5f56b03649
SHA512: 4e6a27304d0ce69fc903b34ae65cc85f2055c460648453a6b194bdcaf5eb98d94c586905e87be82d2ffe1fb36d40a215abceb1b4fd634b61becf1228b6d260f4
SSDEEP: 384:KBCq44GTUygvrBDRjgnd1k3GXRRzpsO326wHA+jr:z79WDRcGI7m9/
Static task: static1
Behavioral task: behavioral1
Sample: 20e82801d2b5b859faab91680dbcb903.rtf
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 20e82801d2b5b859faab91680dbcb903.rtf
Resource: win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://171.22.30.164/china/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 20e82801d2b5b859faab91680dbcb903.rtf
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles