General
-
Target
c05b0bc3cde94be7a27b27040cd40864671e9d2be0a0d64fa0865454feaf2190.exe
-
Size
538KB
-
Sample
210728-lxle8bfhva
-
MD5
3965feca216cde849f987b614794b46c
-
SHA1
d5fd435edf3348930b1500d9b10b3b010b07ef99
-
SHA256
c05b0bc3cde94be7a27b27040cd40864671e9d2be0a0d64fa0865454feaf2190
-
SHA512
684381a00700a14c9c0bb9b4cb337f00057ccd678c825b3ab3b578ee6a98dd7c8a46fb42734be7a51dbb47ef21d03929428ab17ef2be327259d8c99439757c5b
Static task
static1
Behavioral task
behavioral1
Sample
c05b0bc3cde94be7a27b27040cd40864671e9d2be0a0d64fa0865454feaf2190.exe
Resource
win7v20210410
Malware Config
Extracted
lokibot
https://zamloki.xyz/des/co/tox.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
c05b0bc3cde94be7a27b27040cd40864671e9d2be0a0d64fa0865454feaf2190.exe
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Suspicious use of SetThreadContext
-