General
-
Target
875ab4a8c0e8976f706fe0417ccfdf4d78bab6c845f4b3bb5a9e79414cf34c6d.exe
-
Size
564KB
-
Sample
210727-3pha9bb4jx
-
MD5
012678f684c305c94134a4c816fff242
-
SHA1
493521556f140df3b2670b8b28816a24a4676bdb
-
SHA256
875ab4a8c0e8976f706fe0417ccfdf4d78bab6c845f4b3bb5a9e79414cf34c6d
-
SHA512
931477bbb18f152b1daabd63828b63441e050ecfb1326c5e36e0459076e82b36cd94cb8e050c9a0678fc221a75514456ded795d3b7854194434ae90d79618f5b
Static task
static1
Behavioral task
behavioral1
Sample
875ab4a8c0e8976f706fe0417ccfdf4d78bab6c845f4b3bb5a9e79414cf34c6d.exe
Resource
win7v20210408
Malware Config
Extracted
lokibot
http://185.227.139.18/dsaicosaicasdi.php/g2LTjC0V14aJY
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Suspicious use of SetThreadContext
-