General
Target: PO#10242021.zip
Size: 391KB
Sample: 211025-elcl1agebr
MD5: 3f7e6b132641661f717a5297f7f25214
SHA1: b58eb5a5356cea065d2c7298397d76bafb8a3777
SHA256: b36758c68ce2e8f22005b65823c2e2634547f2fbf6b39e99da5b0077634e0347
SHA512: ec79006596be438467ae773774fa836caf0e1c7fa815ff227faea4b1bfcb27685386ca252e7aa935761f026dc5469453eee6b06aa47dee039a8df2a610427b16
Static task: static1
Behavioral task: behavioral1
Sample: PO#10242021.exe
Resource: win7-en-20210920
Malware Config
Extracted
lokibot
http://iykl2.xyz/otker1/w2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: PO#10242021.exe
Size: 449KB
MD5: bb2e526169ac72e5467349a35400c01d
SHA1: e0d513185518e5a51fb14e431e62864f04ac3ca3
SHA256: 41efc8c7bc8097eb8df45f10bc54a3d67ad9f4c2fc6b173641fcc19ee8cd81d9
SHA512: 454ffd0fbc48d5e2824790ba43ded53875a443ad4bfaf24af41064a63c9ad71338b5672139e17b8bc0dbd3d3a591c7fa57566216171cf3be3b59be9b27184ab9
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext