General
-
Target
911972906b8b8d93242c949ae86d35275b6850ec7174296e3d2aed8c9b6356e4.exe
-
Size
346KB
-
Sample
211028-n9z7msgcdr
-
MD5
8afba96c3baa28a1cb7725a8a282a40f
-
SHA1
aa6ed22361211f4affc43e5428f259cf221f7278
-
SHA256
911972906b8b8d93242c949ae86d35275b6850ec7174296e3d2aed8c9b6356e4
-
SHA512
dbb1f4a6bbdc76a294f24794ca1aeb3f002227357b43562ecea00f4d6c2208c6cb066b27ffea89a8befd6eb3af46070331a67210be64544b1f10cc1dcbf00efd
Static task
static1
Behavioral task
behavioral1
Sample
911972906b8b8d93242c949ae86d35275b6850ec7174296e3d2aed8c9b6356e4.exe
Resource
win7-en-20211014
Malware Config
Extracted
lokibot
http://secure01-redirect.net/ho/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
911972906b8b8d93242c949ae86d35275b6850ec7174296e3d2aed8c9b6356e4.exe
-
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-