General
Target: 025bb9440b5682c4bdadb33b85029857b643238f24a0f553ff275853dec522ad
Size: 250KB
Sample: 211025-tbxlrahccl
MD5: 58afb8f1530d54a182313ea2c2663fa6
SHA1: 3b2e6040e7614e8f96d7a3064564de1bace3009d
SHA256: 025bb9440b5682c4bdadb33b85029857b643238f24a0f553ff275853dec522ad
SHA512: 6f103f2134d5a493835faa5e9f3d2f0c583f3efd67f70cc2789b395df580d729c56e71d5b70533bc66d661f20772def7a1ac4c447c605aee94fc0a8d21069e79
Static task
static1
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=719442
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext