General
-
Target
USD BANK TRANSFER COPIES.exe
-
Size
338KB
-
Sample
211028-27eptahagn
-
MD5
71a16c1253a0054f74343bad09d2dab9
-
SHA1
d4d5e96c234b331dd91f71a3e68cb4847899f56d
-
SHA256
c681ad19ae3eaf10a09685621e5d01a7378ffb27c3f634e72e67ca43633eb38f
-
SHA512
72ffd5749b86b3854329cccfed45a3a47948e91f5d1e7e8a77bee3fe1cf771022e04207053950e8a9b96a15c5e9c97e99765ea137c33dd994f3baf0edcf407df
Static task
static1
Behavioral task
behavioral1
Sample
USD BANK TRANSFER COPIES.exe
Resource
win7-en-20210920
Malware Config
Extracted
lokibot
http://secure01-redirect.net/ga23/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
USD BANK TRANSFER COPIES.exe
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-