General
-
Target
Transfer Request_pdf.gz
-
Size
224KB
-
Sample
210728-34qs5f28bj
-
MD5
bf00a8439d7b1091171b11e27ba0effa
-
SHA1
564f4adf499e31e1eb119a8894a57c8eb333511f
-
SHA256
30ae68254b23593ed9074e7122a9e790452a244fb6946431ad5baa122018a435
-
SHA512
27ce2841e16fd69ec35f498d74ea5bf35825ef25246e890a5bef135fc7ddf06e463a893dfb0a1c9b451bf98c4b7250e176178b069afc767fe123fbd671fa58c4
Static task
static1
Behavioral task
behavioral1
Sample
Transfer Request_pdf.exe
Resource
win7v20210410
Malware Config
Extracted
lokibot
http://185.227.139.18/dsaicosaicasdi.php/rVXhi7NTm83H7
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Transfer Request_pdf.exe
-
Size
257KB
-
MD5
76e63cbd970c7a019e3bc4bb409f0606
-
SHA1
5d4c5632dab2fa18942dc910ec3c5731d488aa83
-
SHA256
44df96504ff0a727740da2a67982e2d214849ecf98a64de1ffcbf92bb46331a1
-
SHA512
9dad45e1d26ce496d2e352523b9d3e9ee02db82ec338c425dcccbb73acd203a72a398a0ea5d5a04483e2a1a2180799949bb0c5b010e137ee3cad67ab8acf2061
-
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Suspicious use of SetThreadContext
-