General
Target: 6b52710407ef9ac5e2f4054b1faddb2d3a935f5e8c0ca1ec15a7dcf56aa4368f
Size: 697KB
Sample: 211025-jbt6hsgfhl
MD5: f29e9e4fa36add92b5e974b87999acc1
SHA1: 79526852578359d00fe7c00fa85a00184b2397e1
SHA256: 6b52710407ef9ac5e2f4054b1faddb2d3a935f5e8c0ca1ec15a7dcf56aa4368f
SHA512: 4c18cad8ca19c749fe04e196917cfc8a519b9aa67f18221a4b3d7e84d981e6ca4aa0f3111ed4e5851f2c9a935e1ac7f821d3edd9c97152b30cbc7170a314505b
Static task
static1
Malware Config
Extracted
lokibot
http://secure01-redirect.net/ga20/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-