General
-
Target
c020d8fb46e6f451db2f6b86d4d92235.exe
-
Size
810KB
-
Sample
211025-ppg11ahacr
-
MD5
c020d8fb46e6f451db2f6b86d4d92235
-
SHA1
f7b0b42178d91a54f3e874b97a3c409c00bed229
-
SHA256
00ad9c596b2af402b7d77a1b6d1c81337f76c3d4e4af1e429fafbdf6a8530ff7
-
SHA512
4850824cef591d57754818de1e9d93d50e6dfde215dadfb4007f4d8f0416e8cb037b2c25838f3c6920f271087c3dcc872fe73c61eae7bc4039414f310dd08e50
Static task
static1
Behavioral task
behavioral1
Sample
c020d8fb46e6f451db2f6b86d4d92235.exe
Resource
win7-en-20210920
Malware Config
Extracted
lokibot
http://37.0.10.190/3/xwt/pin.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
c020d8fb46e6f451db2f6b86d4d92235.exe
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-