General
Target: 3be414f054546d9a5ce2e5a9470cccbc19a3f4751553e3b083f0c497151fe130
Size: 665KB
Sample: 211025-axgymsgdap
MD5: 0a05406ccbc442244398e953b278603e
SHA1: 0d4d3c1dd6901ac2044f352d175d0f871ee4688c
SHA256: 3be414f054546d9a5ce2e5a9470cccbc19a3f4751553e3b083f0c497151fe130
SHA512: 458d46ae79df62f7ba8b89dbe26be3c9e599ffff2e20e80215e8734afe81658e61884c25bb340c733114666f898f54e04959f12f0c0d896410497e71e7932bd1
Static task
static1
Malware Config
Extracted
lokibot
http://secure01-redirect.net/fd3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
3be414f054546d9a5ce2e5a9470cccbc19a3f4751553e3b083f0c497151fe130
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext