General
- Target: PAGOS - NOVIEMBRE____________________________________________________________________________________________.exe
- Size: 248KB
- Sample: 211025-y4zn2ahear
- MD5: 0ceb35d9f5f10fb0bf2ff649b6dfd2be
- SHA1: dfff09bafdc19db70fba6955a796ff900583446e
- SHA256: bf63359a5373c1a0f0c83a279a3073c61e8c6ca72ada5e86103f2a11f00f636e
- SHA512: 3938d7827a503f2159119b986981cd11562be33a66ef9aa39f5653571279f6e4943daaa15d16248d4a9bbc4e59e9fd3dd1b17adbc2c09d36ae4d6ec3786e2799
Static task: static1
Behavioral task: behavioral1
- Sample: PAGOS - NOVIEMBRE____________________________________________________________________________________________.exe
- Resource: win7-en-20210920
Malware Config
Extracted: lokibot
- http://secure01-redirect.net/ga19/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: PAGOS - NOVIEMBRE____________________________________________________________________________________________.exe
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext