General
Target: shinoexe.zip
Size: 303KB
Sample: 211028-r7xwaagedq
MD5: 23e9e6f52629946b84a01bb57874ad10
SHA1: 636f482154022872d748465fba523faa4dc7c271
SHA256: 0e196cec233053871d224b211881c89d3683fad28eff96aacc944faa92d1b89c
SHA512: 5b0cf650946587c6750d031d0b7931cfde32e4fb57b982069ba7a81a70051059f32d3483c2a86bd1ac4ed92ab045ed505be071fcea07ee550bd300ce404fb739
Static task: static1
Behavioral task: behavioral1
Sample: 3c20ea33755f685d39ff6b33f37c8ae5ca9fa3e58a279a2056003d50108991d7.bin.exe
Resource: win7-en-20211014
Malware Config
Extracted
lokibot
http://bobbyelectronics.xyz/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 3c20ea33755f685d39ff6b33f37c8ae5ca9fa3e58a279a2056003d50108991d7.bin
Size: 431KB
MD5: c3906150cb093bfe99ed453eef421e81
SHA1: 88848c01ed1cc8a77cd3faae3bc13f30436ebd0b
SHA256: 3c20ea33755f685d39ff6b33f37c8ae5ca9fa3e58a279a2056003d50108991d7
SHA512: 20ebca478ad3ad30b00ebcd086cef3cb7ffb8b7f3700f1407943a9ea5bf0714f3dc50405748da5c0681b3bcbb786f596882e7114993387c167260cfc75c97059
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext