General
Target: 2706cd9c8993267a695a8580ff5987c821093bfea0de05b561a98ac020b373ee.exe
Size: 851KB
Sample: 210727-gnre9e8b8x
MD5: acef407cd9b335c0c1ca6582aef98d35
SHA1: 28569bb0962cbe06d1344a61aa8c426746494632
SHA256: 2706cd9c8993267a695a8580ff5987c821093bfea0de05b561a98ac020b373ee
SHA512: 3a4802a7b378a8b3cfdfcc1bff108756d3cf30a4d9218fdcfcc55000093a3a2951bb0238d6ab199eade72966984446ffd4120fa6b69ba1df30f8f1900cfc856c
Static task
static1
Behavioral task
behavioral1
Sample
2706cd9c8993267a695a8580ff5987c821093bfea0de05b561a98ac020b373ee.exe
Resource
win7v20210408
Malware Config
Extracted
lokibot
http://192.236.179.121/new/zubby/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
CustAttr .NET packer: Detects CustAttr .NET packer in memory.
Suspicious use of SetThreadContext