General
-
Target
70d177abc7455c709ae9710630b9ea49
-
Size
276KB
-
Sample
211014-g7sapagbhk
-
MD5
70d177abc7455c709ae9710630b9ea49
-
SHA1
4d81e55880a35c0157046560eca20b9f528838f4
-
SHA256
b87ecdb8035fa8b5ce87570d757265182a9f49122a02e77dc7f414816cf4b511
-
SHA512
25fd5fa3de0e8bfb89695b3ce55dbeb059eaaaef4a8d9cd4e503f1ccda379cc0ba550354aee59445876c1ea1244d3d696ecfd7e964f3ce0f328a83f48c5ce24c
Static task
static1
Behavioral task
behavioral1
Sample
70d177abc7455c709ae9710630b9ea49.exe
Resource
win7v20210408
Malware Config
Extracted
lokibot
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
70d177abc7455c709ae9710630b9ea49
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-