General
-
Target
payment copy.xls.zip
-
Size
594KB
-
Sample
250124-gsk8tstmb1
-
MD5
9d6edc7cb1af2a769713fa988e64ec2d
-
SHA1
353e768e2e5f3592304a94ee80ff72ad8b0c8ac2
-
SHA256
24d10286f6398c55e55cf2cc2f01982128a467dda3760961354307350ae4ec29
-
SHA512
18f9883c759b9f3cb50b0c857d291e244ef62b5e42d30cf0abc7b41f38219397893223b5e9a00815e33765731ee7fc5394f66f5be91a48cfe2fad3f5354335e2
-
SSDEEP
12288:zqG5NvVIFfdcdiFR63tG9i38BTZ5+Lcn4g9QiGj:uG5vemQ63t18F+LC4kQiGj
Static task
static1
Behavioral task
behavioral1
Sample
payment copy.xls.exe
Resource
win7-20240903-en
Malware Config
Extracted
lokibot
http://royalsailtravel.ru/Sacc/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
payment copy.xls.exe
-
Size
898KB
-
MD5
79909af0c94352b1c85608a88481c02d
-
SHA1
1dcc9fae630146395411beb6af4c9ae6acc6b94d
-
SHA256
7a9a8d54632678f1b988c651fce64f39cdb11050d080e2453df24e4e6a81a5a4
-
SHA512
fbfea4b0573b5c5bf742a86260be79a444d1d2bd23f0fd1eb25d0dc6b52cfdce8973a83f59c9a148b6cd29e95f57f7fc5df19fa7724ef0c9ba9bfb30c7bca607
-
SSDEEP
12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aC2+jcz469Q4eE:uRmJkcoQricOIQxiZY1iaC2+jw4SQ4eE
-
Lokibot family
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-