General
-
Target
75e80cefc7df5575c82e0702d26d286a.exe
-
Size
249KB
-
Sample
211026-yest7aaagm
-
MD5
75e80cefc7df5575c82e0702d26d286a
-
SHA1
33171a46692bb89e23e2902e08c8076aae6fe551
-
SHA256
c8099f1b69f028319580ee8753f206d02ba3aa9a82beef145e0da69e3dad83c9
-
SHA512
53014bf640a42dc561a8a3509364567d85619e659ab9945b4d4ad0f1d3babd3226d5ac34cc2ec0eee1e9bdfc8d4ce70d733d4b77b4ad6f1bd5ba195428d393be
Static task
static1
Behavioral task
behavioral1
Sample
75e80cefc7df5575c82e0702d26d286a.exe
Resource
win7-en-20210920
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=719442
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
75e80cefc7df5575c82e0702d26d286a.exe
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-