General
Target: vbc.exe
Size: 245KB
Sample: 211027-pca2xshagq
MD5: 76a273a48d0d9e02adc29457e145f437
SHA1: 159742abd38696ae6649bfe190474b08fe4d69e5
SHA256: 0b352788433bc575ab65324b4790f43c9afdb8f33ac9f3d64edc5c2b3c3c1a5e
SHA512: f36a8d79baf2a924c34244c60c267b45fb42ce67a8d197b752a45df89018299003711b584fd3ec75b2145007ce58a63fbd1e42d7844db4d6b4d08940fc341731
Static task: static1
Behavioral task: behavioral1
Sample: vbc.exe
Resource: win7-en-20211014
Malware Config
Extracted
lokibot
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext