General
Target: 7ea5f5d1f96eb486c8fd9293d8bb390656e4fb60caebeae993e9a911b9378009
Size: 306KB
Sample: 211028-m41esafhfj
MD5: 1b4af97e5bb29267e445511854e12b87
SHA1: a7926b9620dd9579843534f254625c54689b328a
SHA256: 7ea5f5d1f96eb486c8fd9293d8bb390656e4fb60caebeae993e9a911b9378009
SHA512: d83419103d890d97465bd73f66031129e739f68536de31ab803cc73adf16071a38cc2cba6f859716d067d07c59b8a136f0287fa58e87359c1e39d47620cbbe3e
Static task
static1
Malware Config
Extracted
lokibot
http://bobbyelectronics.xyz/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-