General
Target: Confirmacion Pago del saldo.lnk
Size: 2KB
Sample: 240313-rad2xagb89
MD5: a8c342249f92e8f834469cd5fe517643
SHA1: bbfe62a54df0ea6bc13d470b65ecf65ffc2cff91
SHA256: ac29b52dce3403d45c606e2f3c2fb81bf32d0e5368575eedbd734a647bbb1630
SHA512: f780b14bce2c17be4ca0d58f818dd23f526d31566e44ae775229ef1beeaec6c94729588c71385a8a9ac382a887518037fc21367ac84a93f5dfaf1386f3ade551
Static task: static1
Behavioral task: behavioral1
  Sample: Confirmacion Pago del saldo.lnk
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Confirmacion Pago del saldo.lnk
  Resource: win10v2004-20240226-en
Malware Config
Extracted: https://js-hurling.com/sourcecontent/jsgnjnwjenrgwunibhbsrjhbbabrghrbgkbhrjglhgjrwrhtkjabtkghbgtrg/fjsnvkdthtgr/TvipY.exe
Extracted: lokibot
Targets
Target: Confirmacion Pago del saldo.lnk
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext