General
Target
f89dfd36a241cb191524a3be64415f40130197252df4eb7eca80f4f9f2823eb8
Size
453KB
Sample
210728-khwbwy2tpn
MD5
ddfd27cbbd56b286e26bc892ef4f2422
SHA1
db94ce471cff1322b1381b92ec58a78274a3bdd2
SHA256
f89dfd36a241cb191524a3be64415f40130197252df4eb7eca80f4f9f2823eb8
SHA512
72ff8889be24701f7459eb487fff0e23b22a152ef60d0d5fbf5cb1ca436abfc320c3b5ceaf78d364f948574225172485b226dc805837784a57c128ee44663c3c
Static task
static1
Malware Config
Extracted
lokibot
http://abixmaly.duckdns.org/binge/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
purchasing order.exe
Size
639KB
MD5
b7da251d3f98a75ae233d09b17f3d362
SHA1
88a7ef6ba44c82821a2fe302be5ea343c8d58fbc
SHA256
799472ff2ede6b91288e967a805661d7ce186ca8ef7756c4bad3ed548e7c28b7
SHA512
ac88d6bcd3c269a8411337fc6d1f15ad41a2e62cf59727b2749d415db1852c6e1bbff74b9df5d4476930a228155411b375caeba7f440cfae66f9d1c68545677f
- suricata: ET MALWARE LokiBot Checkin
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Suspicious use of SetThreadContext