General
-
Target
624222e2621e27d2fa7e5501300b150ab8ba8fbdd92a1ca108d641b0f34d6926
-
Size
608KB
-
Sample
210728-18fjml6l92
-
MD5
9d53896a7df157fdf95bdfce99f39098
-
SHA1
e3b33ce2a4d620fb2ed166f0df7e330338355f2f
-
SHA256
624222e2621e27d2fa7e5501300b150ab8ba8fbdd92a1ca108d641b0f34d6926
-
SHA512
e6ca9706a776c7f898279184265f68ff24eac76cbcc0b875199521a119df6365a9abda4d6c72d5c2bfeef0b1a53ff09965f274fff738dd2dd0d650035c9f8298
Static task
static1
Malware Config
Extracted
lokibot
Targets
-
Target
PTI invoice of oc 4f -36..exe
-
Size
849KB
-
MD5
7d4c0543f30b67b2d2c30cc548d2b725
-
SHA1
dacea8e26c5e8d50f8aa65a0c76fbfc6db24c8e0
-
SHA256
5c932da9805dcfbf5d7188eb6e0938c13b3291cdb11be5564cb446a07cd12011
-
SHA512
c3a1139c74b01ebedabcb128eb8a57661c41aa1684ae244d12a1b3765bce455528ea115fa922af44720e5fedc1cfbe019c63db25d7886fb96f006db1c5b31e0a
-
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Suspicious use of SetThreadContext