General
Target: 751072a17e3d43d551ee5b7d1db7f20d1401b7e7d43d9c7a504d0f3f6111b14a
Size: 317KB
Sample: 240313-lasmeabd78
MD5: 6bcc90f6364af48fa25ac9498db766eb
SHA1: dd995fcd1398d0358ab1afb458a564cf6183859e
SHA256: 751072a17e3d43d551ee5b7d1db7f20d1401b7e7d43d9c7a504d0f3f6111b14a
SHA512: 87be5e4f4ccb7dcc776299889994f900aaf286b3e86c65234eb9d3a8e62b24cec8ce3c575225cdb660f5d6c6b7b71303b64fe3ce358571aca859329e234d4d14
SSDEEP: 6144:MqunJdY0Y35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVDNMIXFIrKq/1f/GBjDF:MbJdYJ3bVDNMIXi2qdfOt+YdD
Static task: static1
Behavioral task: behavioral1
  Sample: 751072a17e3d43d551ee5b7d1db7f20d1401b7e7d43d9c7a504d0f3f6111b14a.xls
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 751072a17e3d43d551ee5b7d1db7f20d1401b7e7d43d9c7a504d0f3f6111b14a.xls
  Resource: win10v2004-20240226-en
Malware Config
Extracted: lokibot
- https://sempersim.su/c8/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: 751072a17e3d43d551ee5b7d1db7f20d1401b7e7d43d9c7a504d0f3f6111b14a
Size: 317KB
MD5: 6bcc90f6364af48fa25ac9498db766eb
SHA1: dd995fcd1398d0358ab1afb458a564cf6183859e
SHA256: 751072a17e3d43d551ee5b7d1db7f20d1401b7e7d43d9c7a504d0f3f6111b14a
SHA512: 87be5e4f4ccb7dcc776299889994f900aaf286b3e86c65234eb9d3a8e62b24cec8ce3c575225cdb660f5d6c6b7b71303b64fe3ce358571aca859329e234d4d14
SSDEEP: 6144:MqunJdY0Y35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVDNMIXFIrKq/1f/GBjDF:MbJdYJ3bVDNMIXi2qdfOt+YdD
Score: 10/10
- Blocklisted process makes network request
- Abuses OpenXML format to download file from external location
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext