General
Target
53d281c859e9fdaa0a1e32557a20aabd6f9835cbbb3faa5ff32c67980b364a1b
Size
464KB
Sample
210727-ealpd6w8lx
MD5
ad58ece85846219fd4cc7577304687ae
SHA1
f2c890def83625d9b33f07602f3c91988eaef154
SHA256
53d281c859e9fdaa0a1e32557a20aabd6f9835cbbb3faa5ff32c67980b364a1b
SHA512
03f39fea6f676365ab78925ab0930c55c9eaad3aca9a421db7eb150ee4dc32b3c47319651afe47ef18e7fec44dcd2ec9458a6fa02cb911557d013be09c690e79
Static task
static1
Malware Config
Extracted
lokibot
Targets
Target
NEXT Eco-Air Shipment.exe
Size
628KB
MD5
a43a5c69b4fc6c45bbf4c75ee8b3869b
SHA1
6d6dd739f8b5c24fc98930dc59809893dcd64070
SHA256
235413e22a54a09ad31fae8f8a22a0cf4a443115cbb5dd9fe85a9a563ac1ebc3
SHA512
c012f843c33a8240d8e9c6ba9a2e2aaa173c4a856e0ff72b5c219a5d11b90eb9e6f6883e9d53b74b8bdc9c7419bd8be380d962458a84bd8aab90d4d04a449e5f
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Suspicious use of SetThreadContext