General
Target: 96b09a7227379467f64b9ca40721b76a.exe
Size: 1.5MB
Sample: 210727-pgabklap8j
MD5: 96b09a7227379467f64b9ca40721b76a
SHA1: 8a28222904f910de66d2620ae4b99d98c322bdb3
SHA256: 5cd560ec7db038e75c705546d41801264cf450d601cf9b1835826da7597ef921
SHA512: 75086c8e9403834be783667dfad1cc18b756f4df22357520fd1f4a3a863eda0859591f5a0bcb0860ee1876ba6b317b3e600ec2b36a4be26b6e89015460de3031
Static task: static1
Behavioral task: behavioral1
Sample: 96b09a7227379467f64b9ca40721b76a.exe
Resource: win7v20210408
Malware Config
Extracted
lokibot
http://manvim.co/fd3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Suspicious use of SetThreadContext