General
-
Target
466b5cd9ce2e165638a03bb231b988e867862ba7e52725c8c021a4d7ec4f2060
-
Size
251KB
-
Sample
211025-lwj76aghbr
-
MD5
314bc45f24a07472a46201320e5a3603
-
SHA1
d07d2c94e0a29fa15c1ec42ac9cecf08b6bea6d0
-
SHA256
466b5cd9ce2e165638a03bb231b988e867862ba7e52725c8c021a4d7ec4f2060
-
SHA512
25d3c626b0e300360e7ca762624019c7a3c75de1a4dd6badf53d13713eb4a18b4693c20dd669f7b7518e696c6589863099ff765f44929876da92a16caa321d19
Static task
static1
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=719442
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-