General
Target: 301747D4995ADCA377535E08BC8509235FD4D17B0FDDA.exe
Size: 148KB
Sample: 210926-tglrfafabk
MD5: ca44a3a8334d049e806e9e02f2c764f8
SHA1: 4484b6795336e063747d7157cfddd15c7c218ca6
SHA256: 301747d4995adca377535e08bc8509235fd4d17b0fdda6dcd0a80e67a7b3669d
SHA512: 5404d0f741e65937bdd0c0ec077fda9a3681b7bc6e12a579e8129e1ccc10aa53d0a47bba0f0bd7298cffc10efb19f4f4eec233e3cf2d0750d5545b9ab98cc73a
Static task: static1
Behavioral task: behavioral1
Sample: 301747D4995ADCA377535E08BC8509235FD4D17B0FDDA.exe
Resource: win7v20210408
Malware Config
Extracted: lokibot
C2 URLs:
- http://103.194.170.48/update/GISVOUH/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: 301747D4995ADCA377535E08BC8509235FD4D17B0FDDA.exe
Size: 148KB
MD5: ca44a3a8334d049e806e9e02f2c764f8
SHA1: 4484b6795336e063747d7157cfddd15c7c218ca6
SHA256: 301747d4995adca377535e08bc8509235fd4d17b0fdda6dcd0a80e67a7b3669d
SHA512: 5404d0f741e65937bdd0c0ec077fda9a3681b7bc6e12a579e8129e1ccc10aa53d0a47bba0f0bd7298cffc10efb19f4f4eec233e3cf2d0750d5545b9ab98cc73a
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
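The extracted config and the Suricata hit above are only useful once they are turned into something that can be checked. The following script is an added example, not part of the sandbox report: it copies the C2 URLs and hashes from the report, splits the URLs into IP, domain and panel-path indicators, checks that the sample's file name is a prefix of its SHA256 (the naming convention the report uses), and scans a handful of constructed proxy log lines for C2 hosts, the shared `fre.php` panel path, and a User-Agent containing both "Charon" and "Inferno". The exact LokiBot User-Agent value (`Mozilla/4.08 (Charon; Inferno)`) is an assumption taken from the rule name, so the detector matches on the two tokens rather than the full string.

```python
"""Turn the LokiBot sandbox report above into checkable indicators.

Added example, not code from the sandbox or the report. The C2 URLs and
hashes are copied from the report; the proxy log lines are constructed.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Copied from the "Malware Config" section of the report.
C2_URLS = [
    "http://103.194.170.48/update/GISVOUH/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Copied from the "Targets" section of the report.
SAMPLE = {
    "name": "301747D4995ADCA377535E08BC8509235FD4D17B0FDDA.exe",
    "md5": "ca44a3a8334d049e806e9e02f2c764f8",
    "sha1": "4484b6795336e063747d7157cfddd15c7c218ca6",
    "sha256": "301747d4995adca377535e08bc8509235fd4d17b0fdda6dcd0a80e67a7b3669d",
}

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}


def iocs_from_urls(urls):
    """Split C2 URLs into IP, domain and URL-path indicators."""
    iocs = {"ips": set(), "domains": set(), "paths": set()}
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname
        try:
            ipaddress.ip_address(host)
            iocs["ips"].add(host)
        except ValueError:
            iocs["domains"].add(host)
        iocs["paths"].add(parts.path)
    return iocs


def hashes_well_formed(sample):
    """Every hash is hex and has the digest length its algorithm produces."""
    return all(
        len(sample[algo]) == n and re.fullmatch(r"[0-9a-f]+", sample[algo])
        for algo, n in HASH_LENGTHS.items()
    )


def filename_matches_sha256(sample):
    """The sandbox names the file after a prefix of its SHA256; check it."""
    stem = sample["name"].rsplit(".", 1)[0].lower()
    return len(stem) >= 32 and sample["sha256"].startswith(stem)


# Constructed proxy log lines: "<ts> <src> <method> <url> \"<user-agent>\"".
# The LokiBot User-Agent value below is an assumption, not from the report.
LOG = [
    '2021-09-26T14:00:01Z 10.0.0.5 POST http://103.194.170.48/update/GISVOUH/fre.php "Mozilla/4.08 (Charon; Inferno)"',
    '2021-09-26T14:00:02Z 10.0.0.5 POST http://alphastand.top/alien/fre.php "Mozilla/4.08 (Charon; Inferno)"',
    '2021-09-26T14:00:03Z 10.0.0.7 GET http://example.com/index.html "Mozilla/5.0"',
    '2021-09-26T14:00:04Z 10.0.0.9 POST http://198.51.100.20/alien/fre.php "Mozilla/5.0"',
]

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "(.*)"$')


def scan_log(lines, iocs):
    """Return [(line_no, [reasons])] for lines that match any indicator."""
    hits = []
    known_hosts = iocs["ips"] | iocs["domains"]
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        url, ua = m.group(4), m.group(5)
        parts = urlsplit(url)
        reasons = []
        if parts.hostname in known_hosts:
            reasons.append("c2-host")
        if parts.path in iocs["paths"]:        # same panel path on new infra
            reasons.append("c2-path")
        if "Charon" in ua and "Inferno" in ua:  # what the ET rule keys on
            reasons.append("lokibot-ua")
        if reasons:
            hits.append((n, reasons))
    return hits


if __name__ == "__main__":
    iocs = iocs_from_urls(C2_URLS)
    print("hashes ok:", hashes_well_formed(SAMPLE), "name/sha256 ok:", filename_matches_sha256(SAMPLE))
    for category, values in iocs.items():
        print(category, sorted(values))
    for line_no, reasons in scan_log(LOG, iocs):
        print(f"line {line_no}: {', '.join(reasons)}")
```

The fourth log line shows why the path is kept as a separate indicator: a new IP with the same `/alien/fre.php` panel path is still worth a look even though it is not in the extracted config.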