General
Target: PO DTL20-041.doc
Size: 314KB
Sample: 240510-jlzhzsbb4y
MD5: 156adf696611a249b7ab452b257d6395
SHA1: cce0c987e8daa43610a655fc32080d05e9063791
SHA256: 5b35b93ac36e716d98f54530aed8c547f603b7fe846272eaf722003549d822e5
SHA512: 0e5ed467433416cc83231ce518cc97cdb5bb90935ed2bc7a89eb4e747ffb63ab6ec582a2281f550439a3145e41e865a60a5d51906ad51b97082c5f490660cb8a
SSDEEP: 6144:kwAYwAYwAYwAYwAYwAYwAYwAYwAYwA0xs:Us
Static task: static1
Behavioral task: behavioral1
Sample: PO DTL20-041.rtf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: PO DTL20-041.rtf
Resource: win10v2004-20240508-en
Malware Config
Extracted
lokibot
http://195.123.211.210/evie1/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: PO DTL20-041.doc
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext