General
Target: PRICE QUOTATION OCT 28.PDF.7z
Size: 258KB
Sample: 211028-dmra4shdgp
MD5: 6ddf2c3f78908053973d942219c1cf43
SHA1: 8f3d9b0487c39549800bffe5185b819924c96641
SHA256: 6bef17c3bf8b6b060a9a9aaf5764cd64ae9ef3a6e13c2c17d670d55223f71119
SHA512: 8d4017601a0d52633d28caca987c5fe0cdb5fc587fd93c3eb159f1e3882dcefbfd40b8c4f5d62cce18e72363c72eb0c7c019d1c1a908c90732cfe6c2b9d63557
Static task: static1
Behavioral task: behavioral1
Sample: PRICE QUOTATION OCT 28.exe
Resource: win7-en-20211014
Malware Config
Extracted: lokibot
- http://63.250.40.204/~wpdemo/file.php?search=2576784
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: PRICE QUOTATION OCT 28.exe
Size: 317KB
MD5: fd779cdaf48d63ec3a74744fd179aac0
SHA1: 32bef45edfc65c2f77f5d2c336540e958daedc57
SHA256: 93b125d3f2eb37ffe0bf570919fab7052b8c15814775691ef0602598af3cf328
SHA512: d2ce64b4da800e6c71b6ba2f014d7c8ba17a10c25049720e9f2d4f5bb7f3e6abfaf869bd47e2bdf061593d0754bd5e7fca9c9f24ee026b693d5001e9b50495e6
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext