General
Target
Avery Dennison 873311 MCH..doc
Size
64KB
Sample
240314-fm3p9add62
MD5
4b4d5065ec14383016d7730c1c8c6b38
SHA1
6d6869d87b6ffd24d1374cc0f83b6e6d5f5eed52
SHA256
4989f0bfd201ba820a8ee658ca5cc3c89812bc7540d7ce3bf22e48b7873a0306
SHA512
412c8e5a259c2c21d990741412437ed377cb8629a9a3cce3c8222d2141a15fb1ceacc7f58d3f3a6d19e452962f2ca84c35943f6a8a677ba23037395435a89cca
SSDEEP
768:GwAbZSibMX9gRWjtwAbZSibMX9gRWjtwAbZSibMX9gRWjaomZK1otuhXlV96Oj5e:GwAlRkwAlRkwAlRPvvwVV9le
Static task
static1
Behavioral task
behavioral1
Sample
Avery Dennison 873311 MCH..rtf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Avery Dennison 873311 MCH..rtf
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
https://sempersim.su/c11/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score
10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext