General
-
Target
S3-QTLKT220413R.docx
-
Size
10KB
-
Sample
230404-rt28vahe31
-
MD5
e9bf75f68cf1cd02b4b9b7e6bcaca88d
-
SHA1
d9c326df06b90d796eb0a126c70967ab16d42c2e
-
SHA256
b59ed31e2aad9b4955f0dcc1f0e4aeef44f161a508bd408466c4495289462a6e
-
SHA512
031223688c3c18000a7d8cc91e205e7cb8e84d0946913ccec3f856f395c5d45d119b2ad9cc2d8ed438c81a96d51547d0556199c2bec565a2f94f8b8c7b28b25a
-
SSDEEP
192:ScIMmtPGT7G/bIwXOVOL5SEzBC4vNq6sM63OR:SPXuT+xXOVOVhlqH6
Static task
static1
Behavioral task
behavioral1
Sample
S3-QTLKT220413R.docx
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
S3-QTLKT220413R.docx
Resource
win10v2004-20230220-en
Malware Config
Extracted
http://00000000000OOOOOLLLLLLLL000000000000LLLLLLLOOOOO00000000000LLLLLLLOOOOO0000000000LLLLL00000000000OOOLLLLLLL@760759131/x......x......x.....doc
Extracted
lokibot
http://171.22.30.164/okuman/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
S3-QTLKT220413R.docx
-
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Abuses OpenXML format to download file from external location
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-