General
-
Target
d393823a59a55e03419715ea5d7c35e0707bdf60c81da975dbc37003e3a67006.exe
-
Size
1.5MB
-
Sample
210726-4xyq3fjczx
-
MD5
cfea98c53a954d7092b345a709d9f0ee
-
SHA1
f45f2fafabe0500b9a7e753200429f3b53f0c46f
-
SHA256
d393823a59a55e03419715ea5d7c35e0707bdf60c81da975dbc37003e3a67006
-
SHA512
a99d200e38cb0a93df448aff1c26954dea9b61c4af6ec65764ff7f04d6f651cdcea9a16d64906d0586c9304a8fb1cbacd64c979b56b9884036e1d8025d400452
Static task
static1
Behavioral task
behavioral1
Sample
d393823a59a55e03419715ea5d7c35e0707bdf60c81da975dbc37003e3a67006.exe
Resource
win7v20210408
Malware Config
Extracted
lokibot
http://185.227.139.18/dsaicosaicasdi.php/4jmQmvXLmQyTH
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
d393823a59a55e03419715ea5d7c35e0707bdf60c81da975dbc37003e3a67006.exe
-
Size
1.5MB
-
MD5
cfea98c53a954d7092b345a709d9f0ee
-
SHA1
f45f2fafabe0500b9a7e753200429f3b53f0c46f
-
SHA256
d393823a59a55e03419715ea5d7c35e0707bdf60c81da975dbc37003e3a67006
-
SHA512
a99d200e38cb0a93df448aff1c26954dea9b61c4af6ec65764ff7f04d6f651cdcea9a16d64906d0586c9304a8fb1cbacd64c979b56b9884036e1d8025d400452
-
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Suspicious use of SetThreadContext
-