General
-
Target
01898cea6ace4ad53b0442ae56b50b67.exe
-
Size
249KB
-
Sample
211025-jczgmagfhq
-
MD5
01898cea6ace4ad53b0442ae56b50b67
-
SHA1
157f1d17d020c570d35ae335aeb0679b32fa7a76
-
SHA256
9259d959070ab0317ca2e88897cb2132e9410cc64d1d95200265731996babeb1
-
SHA512
9f5785874957caa8ac5fc5c687fd6e9c4dc41cedcac347a9ffea542d7c9fb3609bc70ed4b5fbc9d4405d11b57c8ac8d5c63fa94404776a282fb89c1b022293ad
Static task
static1
Behavioral task
behavioral1
Sample
01898cea6ace4ad53b0442ae56b50b67.exe
Resource
win7-en-20210920
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=719442
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
01898cea6ace4ad53b0442ae56b50b67.exe
-
Size
249KB
-
MD5
01898cea6ace4ad53b0442ae56b50b67
-
SHA1
157f1d17d020c570d35ae335aeb0679b32fa7a76
-
SHA256
9259d959070ab0317ca2e88897cb2132e9410cc64d1d95200265731996babeb1
-
SHA512
9f5785874957caa8ac5fc5c687fd6e9c4dc41cedcac347a9ffea542d7c9fb3609bc70ed4b5fbc9d4405d11b57c8ac8d5c63fa94404776a282fb89c1b022293ad
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-