General
Target: 28EF89083D52E8916CB488DBC75C97E525203F1BA4D13.exe
Size: 279KB
Sample: 211025-yldzlsheaj
MD5: 5ecbb6958a0457be1858c6e07d345bf0
SHA1: 4ae501af50c2936ecc2801b7e735459b438a5405
SHA256: 28ef89083d52e8916cb488dbc75c97e525203f1ba4d13db0cce719af7f446d9d
SHA512: 723d3a9f19eac5013a2a529ddc3ad428095c30da6394eb50da264eab2109b3d42e885d00e416b82e89f2a2679a4a292a22a627d796de994ed268983bbe26f439
Static task
static1
Behavioral task
behavioral1
Sample
28EF89083D52E8916CB488DBC75C97E525203F1BA4D13.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
28EF89083D52E8916CB488DBC75C97E525203F1BA4D13.exe
Resource
win10-en-20210920
Malware Config
Extracted
lokibot
http://109.248.148.9/logs/done/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
28EF89083D52E8916CB488DBC75C97E525203F1BA4D13.exe
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext