General
-
Target
b2ae544b04a0936cd1ac3ca6783cf134
-
Size
280KB
-
Sample
211028-x28ngsghcq
-
MD5
b2ae544b04a0936cd1ac3ca6783cf134
-
SHA1
82744e173fd8b66102fe4affe8fe7b9245ec9346
-
SHA256
2cbe2405a14ea841ba0dadd6c7deee40b451ffc787bd0a00f9a2a28d57387243
-
SHA512
f9b1a82763889cec0cc675fee2331d1991198078235cec1777fe7910a0a52e93b098478ed5fbb8e6d284d1886177ec5b003a365958f801fbbb3c43debc623c68
Static task
static1
Behavioral task
behavioral1
Sample
b2ae544b04a0936cd1ac3ca6783cf134.exe
Resource
win7-en-20210920
Malware Config
Extracted
lokibot
http://lokich.xyz/icecobe/so/ui.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
b2ae544b04a0936cd1ac3ca6783cf134
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-