General
Target: order gnvc28.doc
Size: 130KB
Sample: 240307-wcvjwsab3y
MD5: 7ce75e108f0993cdc18f76db770d7d39
SHA1: 9cfaffd4b4974608f07ebfe767599895d2ebb2ba
SHA256: bed3ae83708a60fe27fd0f34e88213c40514fd481bcfd3a18b00e6144866c8e8
SHA512: 1651bf89a2fa7ba20a478237e121d9d36aaf2f449b5524cb848d41cda4cc2c0dccb1e0edbd07853846276c95209e62db874c9c9ae609ff7d50b058016298d16d
SSDEEP: 768:uwAbZSibMX9gRWjtwAbZSibMX9gRWjtwAbZSibMX9gRWjmkxM3N0Dwf0T6tRBy6Q:uwAlRkwAlRkwAlRffd0Dwf0TkRB/NkyE
Static task: static1
Behavioral task: behavioral1
  Sample: order gnvc28.rtf
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: order gnvc28.rtf
  Resource: win10v2004-20240226-en

Note the name change between submission and execution: the file was submitted as order gnvc28.doc, but both behavioral tasks ran it as order gnvc28.rtf. The sandbox identified the content as RTF carrying a .doc extension, a common lure technique, since Word opens RTF regardless of the extension and mail filters often key on the extension alone.
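The check a triage analyst would run on such a file, as an added example that is not part of the sandbox report: classify the container by its leading bytes rather than trusting the extension, flag the mismatch, and count embedded OLE objects in an RTF body. The byte strings below are constructed stand-ins, not the contents of the real sample.

```python
"""Identify a document by its leading bytes, not its extension.

Added check, not part of the sandbox report. The lure above was submitted as
'order gnvc28.doc' but the sandbox ran it as 'order gnvc28.rtf'; the bytes used
below are constructed stand-ins, not the real sample.
"""
import os
import re

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary Office (Compound File)
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx/.docm/...) is a ZIP
RTF_MAGIC = b"{\\rt"                             # Word opens anything starting with {\rt, not only {\rtf1

# Container that a given extension is supposed to hold.
EXPECTED = {
    ".doc": {"ole"},
    ".dot": {"ole"},
    ".docx": {"ooxml"},
    ".docm": {"ooxml"},
    ".rtf": {"rtf"},
}

# RTF embeds OLE objects via \object ... \objdata; lures use this to carry payloads.
OBJDATA_RE = re.compile(rb"\\objdata\b")


def container_type(data: bytes) -> str:
    """Return 'ole', 'ooxml', 'rtf' or 'unknown' from the first bytes of the file."""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "ooxml"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"


def extension_mismatch(filename: str, data: bytes):
    """Return (extension, container, mismatch); mismatch is only judged for known extensions."""
    ext = os.path.splitext(filename.lower())[1]
    kind = container_type(data)
    expected = EXPECTED.get(ext)
    return ext, kind, expected is not None and kind not in expected


def rtf_embedded_objects(data: bytes) -> int:
    """Count \\objdata blocks in an RTF body (0 for non-RTF input)."""
    if container_type(data) != "rtf":
        return 0
    return len(OBJDATA_RE.findall(data))


# Constructed samples: an RTF hiding behind .doc (one embedded object) and a genuine OLE .doc header.
RTF_AS_DOC = (b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Arial;}}"
              b"{\\object\\objemb{\\*\\objdata 01050000020000000b000000}}\\par lure}")
OLE_DOC = OLE_MAGIC + b"\x00" * 24
SAMPLES = {"order gnvc28.doc": RTF_AS_DOC, "quarterly.doc": OLE_DOC}


def scan(samples: dict):
    """Map filename -> (extension, container, mismatch, objdata count)."""
    return {
        name: (*extension_mismatch(name, data), rtf_embedded_objects(data))
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, (ext, kind, bad, objs) in scan(SAMPLES).items():
        flag = "MISMATCH" if bad else "ok"
        print(f"{name}: ext={ext} container={kind} {flag} objdata={objs}")
```

Only extensions listed in EXPECTED are judged, so an unknown extension never produces a false mismatch; extend the table for the document types your mail gateway accepts.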
Malware Config
Extracted family: lokibot
C2 URLs:
https://sempersim.su/c12/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php

Analyst note: the four /alien/fre.php hosts (kbfvzoboss.bid and the three alphastand domains) are the default C2 strings carried by the widely circulated cracked LokiBot builder and appear in most samples regardless of operator; the build-specific endpoint in this config is sempersim.su. Block all five, but pivot on sempersim.su when hunting for this campaign.
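The indicators above turned into checks, as an added example that is not part of the sandbox report: the hashes and URLs are the ones listed on this page, the Squid-format access-log lines are constructed for the demonstration, and the fre.php path rule is an inference from the fact that every URL in the extracted config ends in that gate filename.

```python
"""Turn the report's indicators into checks: file-hash lookup and proxy-log matching.

Added example, not part of the sandbox report. The hash and URL values are the
ones listed on the page; the access-log lines are constructed for this demo.
"""
import hashlib
import re
from urllib.parse import urlsplit

# File hashes of 'order gnvc28.doc' as reported above.
FILE_HASHES = {
    "md5": "7ce75e108f0993cdc18f76db770d7d39",
    "sha1": "9cfaffd4b4974608f07ebfe767599895d2ebb2ba",
    "sha256": "bed3ae83708a60fe27fd0f34e88213c40514fd481bcfd3a18b00e6144866c8e8",
}

# C2 URLs from the extracted LokiBot config.
C2_URLS = [
    "https://sempersim.su/c12/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
C2_HOSTS = {urlsplit(u).hostname.lower() for u in C2_URLS}

# Every URL in the config ends in fre.php: match that gate path even on unknown hosts.
GATE_PATH_RE = re.compile(r"/fre\.php$", re.IGNORECASE)


def sample_hash_hits(data: bytes) -> list[str]:
    """Return the algorithms whose digest of `data` equals the reported hash."""
    return [
        alg for alg in FILE_HASHES
        if hashlib.new(alg, data).hexdigest() == FILE_HASHES[alg]
    ]


def parse_squid_line(line: str):
    """Extract (method, host, path) from a Squid native-format access.log line.

    Field layout: time elapsed client code/status bytes method url ident hierarchy type.
    HTTPS appears as CONNECT host:port, so that URL field has no scheme or path.
    """
    f = line.split()
    if len(f) < 7:
        return None
    method, target = f[5].upper(), f[6]
    if method == "CONNECT":
        return method, target.rsplit(":", 1)[0].lower(), ""
    p = urlsplit(target)
    return method, (p.hostname or "").lower(), p.path


def classify(method: str, host: str, path: str):
    """'known-c2' for a host from the config, 'lokibot-gate-pattern' for a POST to */fre.php."""
    if host in C2_HOSTS:
        return "known-c2"
    if method == "POST" and GATE_PATH_RE.search(path):
        return "lokibot-gate-pattern"
    return None


def scan_proxy_log(lines):
    """Return (verdict, method, host, path) for every line that matches an indicator."""
    hits = []
    for line in lines:
        parsed = parse_squid_line(line)
        if parsed is None:
            continue
        verdict = classify(*parsed)
        if verdict:
            hits.append((verdict, *parsed))
    return hits


# Constructed Squid access.log lines (not from any real environment).
SAMPLE_LOG = [
    "1709812345.123    245 10.0.0.14 TCP_MISS/200 612 POST http://kbfvzoboss.bid/alien/fre.php - HIER_DIRECT/203.0.113.5 text/html",
    "1709812346.001    120 10.0.0.14 TCP_TUNNEL/200 0 CONNECT sempersim.su:443 - HIER_DIRECT/203.0.113.7 -",
    "1709812347.500     88 10.0.0.22 TCP_MISS/200 4120 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1709812348.250    310 10.0.0.14 TCP_MISS/404 300 POST http://198.51.100.9/panel/fre.php - HIER_DIRECT/198.51.100.9 text/html",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(*hit)
    print("hash hits for a non-sample buffer:", sample_hash_hits(b"not the sample"))
```

Matching on hostname rather than the full URL is deliberate: the config lists sempersim.su over HTTPS, which a forward proxy only sees as a CONNECT to host:443, so a URL-string match would miss the build-specific C2 entirely.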
Targets
Target: order gnvc28.doc, 130KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General.
Score: 10/10
Signatures:
- Blocklisted process makes network request: a process the sandbox blocklists for network activity (the document viewer or a helper it spawned) reached out to the network, which a document rendering a purchase order has no reason to do.
- Downloads MZ/PE file: the network request fetched a Windows executable, i.e. the document is a downloader stage.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles: reads the registry keys where Outlook stores account settings and saved credentials, consistent with LokiBot's credential-stealer function.
- Suspicious use of SetThreadContext: the call used by thread hijacking and process hollowing to point a suspended thread at injected code, consistent with the payload unpacking itself into another process.