General
Target: de150999666b11d6c478a3a962e6a264d20d08e7.rtf.tar.gz
Size: 24KB
Sample: 240425-jh8x9agh46
MD5: 4dd35aaabdc372d1ce89445de8a5eb53
SHA1: 6f9c8a0702dc4b6412ce18635116fb9266306841
SHA256: 865332b8234022c5cb6850eea88ac43b5abf989b0f905704828e87088af87e9d
SHA512: 45c20a7ee413f27c3ff417c8a60c4e4787c366a68449bcc296a01db7355611c4b5627ab6c2ea981acb447311e476708ccda84f03797a1867d81bd9e07d1fe8cf
SSDEEP: 384:TK+NulORqdG6tJR/HHaTGe8rQPo//e5cg3lQBwlyepmG4/IehlVwDmyO:uFMaGWJRvHOGe8rXO5cmlrlyU47zyk
Static task: static1
Behavioral task: behavioral1
Sample: de150999666b11d6c478a3a962e6a264d20d08e7.rtf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: de150999666b11d6c478a3a962e6a264d20d08e7.rtf
Resource: win10v2004-20240412-en
Malware Config
Extracted
lokibot
http://ebnsina.top/evie1/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: de150999666b11d6c478a3a962e6a264d20d08e7.rtf
Size: 129KB
MD5: 48aa2134db06ead5d50e17014ab74dbd
SHA1: de150999666b11d6c478a3a962e6a264d20d08e7
SHA256: f1d0eb2c8891248f99cd1d6ce9a8adc218ca761b5ac2a92e54242e8dc4edc864
SHA512: 92025262b83651cdd6c20879249fcecbe39b744e0bcfe8ea118a05743a6177106c613b511c2657ba52dbbab580a027b8523c14ba14922cd0035e615a8d7db29c
SSDEEP: 768:fwAbZSibMX9gRWjtwAbZSibMX9gRWjtwAbZSibMX9gRWjjPJXiVsM0tnIVPBS+:fwAlRkwAlRkwAlRY5AsMenWBS+
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext