General
Target: vbc.exe
Size: 256KB
Sample: 211026-ef13eahffl
MD5: c30565830025332db48b9f38ddb2ab3f
SHA1: 63219e001fc7baada4d0168d2b64dbb73dfdcd3e
SHA256: 63302fc8ec38235750576f3a3c2e0566cd3392074d0a56aeb466e5c8611aeabd
SHA512: 70a0d348bd5e7e4895d73971514bbe658ba6e927b5ce349134059e6bd5dcbe99fb244b63c60d2417fb66424a91f2acaff2dcbe9d1732644993cb9312a6dabfb2
Static task: static1
Behavioral task: behavioral1
Sample: vbc.exe
Resource: win7-en-20211014
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=475803
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-