General
Target: e0d91566226df326eacb5b23fc65f8f5a18fa982c662c169e0b4c9cde3d8898b.exe
Size: 274KB
Sample: 211028-wmydjaggem
MD5: 4d1524f643dfdc491de426572a7d38e6
SHA1: 3d0124a22ea5c877dd2f20653a5f6154fefa39b3
SHA256: e0d91566226df326eacb5b23fc65f8f5a18fa982c662c169e0b4c9cde3d8898b
SHA512: 2006f03ed6ddf8a9743b0cdcb94a986fad3458061b570c07e40a285fe0122227778f2a34d437052ba984500802504d3bd4b43e492599f2b5ff4fe183deeab0bb
Static task: static1
Behavioral task: behavioral1
Sample: e0d91566226df326eacb5b23fc65f8f5a18fa982c662c169e0b4c9cde3d8898b.exe
Resource: win7-en-20211014
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=719442
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: e0d91566226df326eacb5b23fc65f8f5a18fa982c662c169e0b4c9cde3d8898b.exe
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext