General
-
Target
_2201S_BUSAN_HOCHIMINH_.xlsx
-
Size
187KB
-
Sample
220210-gj7epsefh5
-
MD5
cf8b307caa943326ee808bb3cb02deee
-
SHA1
705c25adbdb7b805e47566540b3804eba178e7da
-
SHA256
cbe84e2c523fd51dabb1365df50415ffc51f8159c36798061742f08ba5d31b9b
-
SHA512
cfc3ae790c2e17051a4b03214baefd44eb30e8601bf8afd2d711cd197263854e96c19c2486a8838a1971607e09ad6728f6b9d8d982f6395b1ffc7d9c7eb599aa
Static task
static1
Behavioral task
behavioral1
Sample
_2201S_BUSAN_HOCHIMINH_.xlsx
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
_2201S_BUSAN_HOCHIMINH_.xlsx
Resource
win10v2004-en-20220112
Malware Config
Extracted
lokibot
http://asiaoil.bar//bobby/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
_2201S_BUSAN_HOCHIMINH_.xlsx
-
Size
187KB
-
MD5
cf8b307caa943326ee808bb3cb02deee
-
SHA1
705c25adbdb7b805e47566540b3804eba178e7da
-
SHA256
cbe84e2c523fd51dabb1365df50415ffc51f8159c36798061742f08ba5d31b9b
-
SHA512
cfc3ae790c2e17051a4b03214baefd44eb30e8601bf8afd2d711cd197263854e96c19c2486a8838a1971607e09ad6728f6b9d8d982f6395b1ffc7d9c7eb599aa
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-