General
Target: 90397a5fdff62ca9efc2e2edb989f88f
Size: 420KB
Sample: 211025-hjmwqsgfdm
MD5: 90397a5fdff62ca9efc2e2edb989f88f
SHA1: ee5a253e9589385e41b1a39b740d2eaac6804ed7
SHA256: c35926d69dc7156a41885046951fdbc724e3aabeb3178f206d1829e27ba462e0
SHA512: 992d03e15b6bf92ebbf51bf51efaf36d92c0f75ea001a523c16406ab2254bf8adb4998881948775d28e51fe13ca433f39eccc6627076dcd66e348eec8357eba6
Static task: static1
Behavioral task: behavioral1
Sample: 90397a5fdff62ca9efc2e2edb989f88f.exe
Resource: win7-en-20210920
Malware Config
Extracted: lokibot
C2 URLs:
- http://63.250.40.204/~wpdemo/file.php?search=9099522
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Note: the kbfvzoboss.bid and alphastand.* /alien/fre.php URLs are hardcoded in practically every LokiBot build and are not specific to this sample; the 63.250.40.204 /~wpdemo/file.php URL is this operator's gate and is the indicator worth blocking and hunting on.
Targets
Target: 90397a5fdff62ca9efc2e2edb989f88f (single target; size and hashes identical to those listed under General)
Signatures
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles (credential theft from the local mail client, consistent with the stealer's purpose)
- Suspicious use of SetThreadContext (the API call that redirects a suspended thread to injected code, i.e. process hollowing/injection)
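An added IOC matcher built from the values on this report page (example code, not the sandbox's own output or the stealer's code). It checks a file against all four listed digests at once and scans proxy-style request records for the extracted C2 URLs, their hosts, the /fre.php gate path, and the LokiBot User-Agent that the ET "Charon/Inferno" rule keys on. Assumptions: the User-Agent string "Mozilla/4.08 (Charon; Inferno)" is the well-documented LokiBot value, not quoted verbatim on the page; the log line format and the sample lines are constructed for this example and are not any real proxy's format.

```python
"""IOC matcher for the LokiBot sample described in this report (added example)."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List
from urllib.parse import urlsplit

# Digests exactly as listed under General on this page.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "90397a5fdff62ca9efc2e2edb989f88f",
    "sha1": "ee5a253e9589385e41b1a39b740d2eaac6804ed7",
    "sha256": "c35926d69dc7156a41885046951fdbc724e3aabeb3178f206d1829e27ba462e0",
    "sha512": "992d03e15b6bf92ebbf51bf51efaf36d92c0f75ea001a523c16406ab2254bf8a"
              "db4998881948775d28e51fe13ca433f39eccc6627076dcd66e348eec8357eba6",
}

# C2 URLs from the extracted config. The first is operator-specific; the
# /alien/fre.php entries are the hardcoded defaults found in most builds.
C2_URLS = [
    "http://63.250.40.204/~wpdemo/file.php?search=9099522",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}

# Assumption: the well-documented LokiBot User-Agent that the ET
# "LokiBot User-Agent (Charon/Inferno)" rule matches on.
LOKIBOT_UA = "Mozilla/4.08 (Charon; Inferno)"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return md5/sha1/sha256/sha512 hex digests of a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def is_reported_sample(data: bytes) -> bool:
    """True only if every digest matches; comparing all four avoids relying on MD5/SHA1 alone."""
    return hash_bytes(data) == SAMPLE_HASHES


def classify_request(method: str, url: str, user_agent: str) -> List[str]:
    """Return the list of IOC reasons a single HTTP request triggers (empty if benign)."""
    reasons: List[str] = []
    parts = urlsplit(url)
    if url in C2_URLS:
        reasons.append("known_c2_url")
    elif parts.hostname in C2_HOSTS:
        reasons.append("known_c2_host")
    if "charon; inferno" in user_agent.lower():
        reasons.append("lokibot_user_agent")
    if method == "POST" and parts.path.endswith("/fre.php"):
        reasons.append("lokibot_gate_path")
    return reasons


# Constructed record format for this example (not a real proxy's format):
#   <iso-timestamp> <client-ip> <METHOD> <url> "<user-agent>"
_LINE = re.compile(r'^(\S+) (\S+) ([A-Z]+) (\S+) "([^"]*)"$')


@dataclass
class Finding:
    timestamp: str
    client: str
    url: str
    reasons: List[str] = field(default_factory=list)


def scan_proxy_log(lines: Iterable[str]) -> List[Finding]:
    """Scan request records; malformed lines are skipped rather than raising."""
    findings: List[Finding] = []
    for line in lines:
        m = _LINE.match(line.strip())
        if not m:
            continue
        ts, client, method, url, ua = m.groups()
        reasons = classify_request(method, url, ua)
        if reasons:
            findings.append(Finding(ts, client, url, reasons))
    return findings


# Constructed sample records: one hit on the operator gate with the LokiBot UA,
# one benign request, one hit on a default gate, one unknown gate with the UA.
SAMPLE_LOG = [
    '2021-10-25T10:00:01Z 10.0.0.5 POST http://63.250.40.204/~wpdemo/file.php?search=9099522 "Mozilla/4.08 (Charon; Inferno)"',
    '2021-10-25T10:00:05Z 10.0.0.9 GET https://example.com/ "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/93.0"',
    '2021-10-25T10:00:09Z 10.0.0.5 POST http://alphastand.trade/alien/fre.php "Mozilla/5.0"',
    '2021-10-25T10:00:12Z 10.0.0.12 POST http://198.51.100.7/gate/fre.php "Mozilla/4.08 (Charon; Inferno)"',
    "this line is deliberately malformed and must be skipped",
]

if __name__ == "__main__":
    for f in scan_proxy_log(SAMPLE_LOG):
        print(f.timestamp, f.client, f.url, ",".join(f.reasons))
```

The fourth sample record shows why the User-Agent and gate-path checks matter: a rebuilt sample pointing at a fresh C2 host would evade a pure URL/host blocklist but still carries the same client fingerprint.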