General
-
Target
ekema file.exe
-
Size
230KB
-
Sample
210810-gwdhkw4pxs
-
MD5
67c6b42042053c3612e928cc593e85a8
-
SHA1
376def01c75feef9ec278980d6bea94661d05f6c
-
SHA256
4a6b31994025e7a6dcfeab2954dd3ae8aba701d227ac5b9684ca97e1031256c5
-
SHA512
96b9d82b6723eb4b5e6db247f2403d268ecd709fa70f9b3ee92e6ad8e102a5694ea84cc60e3d99daf3968f7fffa1384a7fa3fcec657ea9e8706c39048684b13e
Static task
static1
Behavioral task
behavioral1
Sample
ekema file.exe
Resource
win7v20210410
Malware Config
Extracted
lokibot
http://185.227.139.5/sxisodifntose.php/X8wFuK75H7pEk
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
ekema file.exe
-
Size
230KB
-
MD5
67c6b42042053c3612e928cc593e85a8
-
SHA1
376def01c75feef9ec278980d6bea94661d05f6c
-
SHA256
4a6b31994025e7a6dcfeab2954dd3ae8aba701d227ac5b9684ca97e1031256c5
-
SHA512
96b9d82b6723eb4b5e6db247f2403d268ecd709fa70f9b3ee92e6ad8e102a5694ea84cc60e3d99daf3968f7fffa1384a7fa3fcec657ea9e8706c39048684b13e
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Suspicious use of SetThreadContext
-