General
Target: 4bd029fab2e1855b65f19af615d5af49
Size: 415KB
Sample: 210728-2wkd5jham6
MD5: 4bd029fab2e1855b65f19af615d5af49
SHA1: 1fdcbad64e3513f887e359ed8411b415cc43ba23
SHA256: 19bb2b0774e1638edbdcccc7e2fb936773727966acd3977137a8acfe0823266d
SHA512: 21de8fa96ec71de42f2501029d96baca5a5fd34f06a4729ecc779b53410fa9a979412ce965d9792127416dad81758ac5623d0b3d20349de8488e7a330df9e282
Static task: static1
Behavioral task: behavioral1
Sample: 4bd029fab2e1855b65f19af615d5af49.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 4bd029fab2e1855b65f19af615d5af49.exe
Resource: win10v20210410
Malware Config
Extracted
lokibot
http://arku.xyz/tkrr/T1/w2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 4bd029fab2e1855b65f19af615d5af49
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Suspicious use of SetThreadContext