General
Target: 65.exe
Size: 639KB
Sample: 210727-ppmzve6yv6
MD5: b7da251d3f98a75ae233d09b17f3d362
SHA1: 88a7ef6ba44c82821a2fe302be5ea343c8d58fbc
SHA256: 799472ff2ede6b91288e967a805661d7ce186ca8ef7756c4bad3ed548e7c28b7
SHA512: ac88d6bcd3c269a8411337fc6d1f15ad41a2e62cf59727b2749d415db1852c6e1bbff74b9df5d4476930a228155411b375caeba7f440cfae66f9d1c68545677f
Static task: static1
Behavioral task: behavioral1
Sample: 65.exe
Resource: win7v20210408
Malware Config
Extracted
lokibot
http://abixmaly.duckdns.org/binge/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
Suspicious use of SetThreadContext