General
Target: 31a1331a10d3315692a672f0af91df6e50e1663e6ec7d02976c80ee9a0ac2e14
Size: 366KB
Sample: 211021-1akn5abfgp
MD5: 5118a67b86f2cad297041b94b6531470
SHA1: 120929f433c89a7e0efcd0af18eefe69ea34daae
SHA256: 31a1331a10d3315692a672f0af91df6e50e1663e6ec7d02976c80ee9a0ac2e14
SHA512: 669be37523e4b672fefb1e3610f170222f849e2937df8262ebd35012f247be19ffe4568b60376c24c51eddade2881166c6152d3890d908e6c1800be25ccb7ce9
Static task
static1
Malware Config
Extracted
lokibot
http://secure01-redirect.net/ga18/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-