General
Target: d78d85bfb1d5f164701a9f8f74eff5d45ceb0e2b8a712f4883ab3747d78badf6
Size: 472KB
Sample: 210728-f4ntn8xzp2
MD5: 7bcd44891633650802028e7cd21cf7a5
SHA1: f1bd871859650ac027495db14056b71c9997d14b
SHA256: d78d85bfb1d5f164701a9f8f74eff5d45ceb0e2b8a712f4883ab3747d78badf6
SHA512: 6df2cca5ffd6b5da88fd8a69479c8895025b865d8f26b4f161135fefeed3d7057a6a53a4e800ee360bf33ba06ce60138473a889096b19601feafd8f9c4b8f45c
Static task: static1
Malware Config
Extracted family: lokibot
C2 URLs:
http://abixmaly.duckdns.org/binge/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: contract YF8536851-1.exe
Size: 628KB
MD5: a43a5c69b4fc6c45bbf4c75ee8b3869b
SHA1: 6d6dd739f8b5c24fc98930dc59809893dcd64070
SHA256: 235413e22a54a09ad31fae8f8a22a0cf4a443115cbb5dd9fe85a9a563ac1ebc3
SHA512: c012f843c33a8240d8e9c6ba9a2e2aaa173c4a856e0ff72b5c219a5d11b90eb9e6f6883e9d53b74b8bdc9c7419bd8be380d962458a84bd8aab90d4d04a449e5f
Signatures
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Suspicious use of SetThreadContext