General
- Target: 3688f05556a136fe094de5cb1888eac2a579525f72cd027e19738582ed40c283.xls
- Size: 317KB
- Sample: 240328-cmh43ach9y
- MD5: 3a676a14c0aa582a465032b971ca23f5
- SHA1: 04b12227d6b22ed562005d126cd7e3366c4fe966
- SHA256: 3688f05556a136fe094de5cb1888eac2a579525f72cd027e19738582ed40c283
- SHA512: f4e2e080f2c6b73aad8f8a487e65a5aed1cee9fa77e9e82f1e0538c978c2f150e10b2ac93e96d65857a7380acd94e16178c82bedb65c415b247f01580e49ae05
- SSDEEP: 6144:VPunhX2jaLY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVlLMIU6FDCmg9bhQ87:VqhX2ja23bVlLMILKbhQ4z3SJKgJeB/b
Static task
- static1

Behavioral task
- behavioral1
- Sample: 3688f05556a136fe094de5cb1888eac2a579525f72cd027e19738582ed40c283.xls
- Resource: win7-20240221-en

Behavioral task
- behavioral2
- Sample: 3688f05556a136fe094de5cb1888eac2a579525f72cd027e19738582ed40c283.xls
- Resource: win10v2004-20240226-en
Malware Config
- Extracted family: lokibot
- C2 URLs:
  - https://sempersim.su/c13/fre.php
  - http://kbfvzoboss.bid/alien/fre.php
  - http://alphastand.trade/alien/fre.php
  - http://alphastand.win/alien/fre.php
  - http://alphastand.top/alien/fre.php
Targets
- 3688f05556a136fe094de5cb1888eac2a579525f72cd027e19738582ed40c283.xls (317KB; hashes identical to the General section above)
Score: 10/10

Signatures
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers.
- Detects executables packed with SmartAssembly.
- Detects executables referencing many file transfer clients. Observed in information stealers.
- Blocklisted process makes network request.
- Downloads MZ/PE file.
- Abuses OpenXML format to download file from external location.
- Executes dropped EXE.
- Loads dropped DLL.
- Accesses Microsoft Outlook profiles.
- Suspicious use of SetThreadContext.