General
-
Target
92603af1152244669c1d987d267d54f1PAGO_PL73103000190108400402533221_20211.gz
-
Size
228KB
-
Sample
211028-v8236sggdl
-
MD5
02e9e3aad0d2814f47983355c82f8ed2
-
SHA1
0e4a211e9e4716354a53bbb9be73726e336b3ac2
-
SHA256
7c8f7820cd056542d0d592f022ff46ef49334bbbec9654799ccd19fbb4ee3284
-
SHA512
ed781eaac2077cd6f74115aca44ebd3bbc571c97cabb45b3d6a3d3fac0f4105ac246545e31dca2431fa8f2ac58172a3458e3a23eac4b1f85e3892cdf2c3aa8cd
Static task
static1
Behavioral task
behavioral1
Sample
92603af1152244669c1d987d267d54f1PAGO_PL73103000190108400402533221_20211..exe
Resource
win7-en-20210920
Malware Config
Extracted
lokibot
http://secure01-redirect.net/ga19/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
92603af1152244669c1d987d267d54f1PAGO_PL73103000190108400402533221_20211..exe
-
Size
241KB
-
MD5
efaddcab3e1a1e1f8e557c50d8c70125
-
SHA1
b365aae4cc416c0b18c067d4c55ed0e32d6b752e
-
SHA256
95657208e2889560b9cd735a6bd98f99b817db9a7a2f7535dabec2193866103f
-
SHA512
2528fb4b25a6e527312d5e979e5153f1634d4984d1b3204278e4ae59dbb8f6cc9ae68ff5268fbc1ae03ff7f535aadb2835ae778f6f3ee7ce92f497dce840265b
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-