General
-
Target
SOLICITUDDEPEDIDOUniversidadedeSoPauloUSP09302024pdf.vbs
-
Size
78KB
-
Sample
241001-pwqlqatepg
-
MD5
8de3bba9fb959d08b3719f1281957c56
-
SHA1
b8132af0e02ecb58c3c3eb39fe919e3b805106cf
-
SHA256
c2df6879029285a4edb1e60526812177c3ac1b7293e5b5f05d8250d682641e25
-
SHA512
8024de858f6d4ec08728944183309650f3f0a7fdc7e83eee53852d00efc37f845ff03bbca42ccd0284282e29c38937a82004bf1b8c3ce439ccc93714fa02f93c
-
SSDEEP
1536:sUjz/4d4EMT6SUAQZWwGcKQeH+4my6lGiYeJztAxUCDYf:sUjsLAgWO4mF1YhQf
Static task
static1
Behavioral task
behavioral1
Sample
SOLICITUDDEPEDIDOUniversidadedeSoPauloUSP09302024pdf.vbs
Resource
win7-20240708-en
Malware Config
Extracted
lokibot
http://137.184.191.215/index.php/check.php?s=am9ntjjw
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
SOLICITUDDEPEDIDOUniversidadedeSoPauloUSP09302024pdf.vbs
-
Size
78KB
-
MD5
8de3bba9fb959d08b3719f1281957c56
-
SHA1
b8132af0e02ecb58c3c3eb39fe919e3b805106cf
-
SHA256
c2df6879029285a4edb1e60526812177c3ac1b7293e5b5f05d8250d682641e25
-
SHA512
8024de858f6d4ec08728944183309650f3f0a7fdc7e83eee53852d00efc37f845ff03bbca42ccd0284282e29c38937a82004bf1b8c3ce439ccc93714fa02f93c
-
SSDEEP
1536:sUjz/4d4EMT6SUAQZWwGcKQeH+4my6lGiYeJztAxUCDYf:sUjsLAgWO4mF1YhQf
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-