General
-
Target
30092024_1242_29092024_PERMINTAAN ANGGARAN (Universitas IPB) ID177888.rar
-
Size
32KB
-
Sample
240930-pxdnjszepe
-
MD5
6cfc2c072663cd8cf83452fffea0f1a4
-
SHA1
513d4659c2a44ce344ae60948892eb52ced22d85
-
SHA256
19fc1dd23605dac18b071693978f7a27fba7dc0e112ceb12b99a8b0334569f0a
-
SHA512
18b1ccd2af1147c5d78d9a0d9c2a696e41490ed06f394f7fc67ea52fd1bc916da1441bde87826188c31bbf9cc7021d316260bb792f649ae81fa22aedefafdc28
-
SSDEEP
768:us7lBVwt8IGMgLTjzTYTDnhQe6VISW6+Dd+Czr1D8w+s:vbKtfGMXHgId7dH5Jj
Static task
static1
Behavioral task
behavioral1
Sample
PERMINTAAN ANGGARAN (Universitas IPB) ID177888·pdf.vbs
Resource
win7-20240708-en
Malware Config
Extracted
lokibot
http://137.184.191.215/index.php/check.php?s=am9ntjjw
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
PERMINTAAN ANGGARAN (Universitas IPB) ID177888·pdf.vbs
-
Size
72KB
-
MD5
cf3ce0d565b919fe45d02705736fe824
-
SHA1
0924076c6434b432b18fd0b298a2b5b14e38b754
-
SHA256
96c1a11d9036afc58f65d8533f2c37b7fc64048e21bc60f28f0bb9311902e80f
-
SHA512
eb44246e1c25d9cfcb49f724f710b21432fb8fab17b1344c3af142ef5959542a01db052db1e02b8f9af1df07872d3508fa99718a95260440b450bcee035fc431
-
SSDEEP
1536:sTgvWHbK7HAM/TkMCV5i+8Q5+h+4C/hNGweE+f:sTgeMAITO8QS+lkf
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-