General
Target: 0a7a0226b591a93d521911b140c0ba11
Size: 296KB
Sample: 211028-nqtkragcbk
MD5: 0a7a0226b591a93d521911b140c0ba11
SHA1: 23df5fcee570c6a12c93eb9503877c2e0bfe552c
SHA256: f816fbcf587556c100c67159d744a862a7b22d4ad0ba13bd10bbd5ebb43c7688
SHA512: 368cd31e31b1dfe16cc490e64663c9ed021cc57c164f55417cbded34d453dd88eac2a2e505a35e4d5c145d15dbe7c3317691c334044b51299386627e80167c4e
Static task: static1
Behavioral task: behavioral1
Sample: 0a7a0226b591a93d521911b140c0ba11.exe
Resource: win7-en-20210920
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=9099522
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 0a7a0226b591a93d521911b140c0ba11
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext