General
-
Target
Solicitud de presupuesto 09-30-2024·pdf.vbs
-
Size
73KB
-
Sample
241001-f8v8asshnp
-
MD5
5cc7cf5b0814e2f80bad4c4e85831e96
-
SHA1
93ed4011fc57034804feb5bd8ea61c6cf7b30cce
-
SHA256
12cf262af8e265c0013ba1e06bfe89b0e9b65acffe82f2f54121dcd434c4b394
-
SHA512
f9834c708ff8af1734b345f156d7abcebc8675f6e481fe65ac4512578d71cac11a3eba9779f2708a990858da9dce32c2e8416c967b77701991d7692393fa8c09
-
SSDEEP
1536:s+0UNtNTLbVAumhqIkeF+3e+2Tyf4hHKMHAqLkf:s+5LfAFh62TS4hKf
Static task
static1
Behavioral task
behavioral1
Sample
Solicitud de presupuesto 09-30-2024·pdf.vbs
Resource
win7-20240729-en
Malware Config
Extracted
lokibot
http://137.184.191.215/index.php/10899
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Solicitud de presupuesto 09-30-2024·pdf.vbs
-
Size
73KB
-
MD5
5cc7cf5b0814e2f80bad4c4e85831e96
-
SHA1
93ed4011fc57034804feb5bd8ea61c6cf7b30cce
-
SHA256
12cf262af8e265c0013ba1e06bfe89b0e9b65acffe82f2f54121dcd434c4b394
-
SHA512
f9834c708ff8af1734b345f156d7abcebc8675f6e481fe65ac4512578d71cac11a3eba9779f2708a990858da9dce32c2e8416c967b77701991d7692393fa8c09
-
SSDEEP
1536:s+0UNtNTLbVAumhqIkeF+3e+2Tyf4hHKMHAqLkf:s+5LfAFh62TS4hKf
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-