General
-
Target
fd779cdaf48d63ec3a74744fd179aac0.exe
-
Size
317KB
-
Sample
211029-f3rb6ahdcl
-
MD5
fd779cdaf48d63ec3a74744fd179aac0
-
SHA1
32bef45edfc65c2f77f5d2c336540e958daedc57
-
SHA256
93b125d3f2eb37ffe0bf570919fab7052b8c15814775691ef0602598af3cf328
-
SHA512
d2ce64b4da800e6c71b6ba2f014d7c8ba17a10c25049720e9f2d4f5bb7f3e6abfaf869bd47e2bdf061593d0754bd5e7fca9c9f24ee026b693d5001e9b50495e6
Static task
static1
Behavioral task
behavioral1
Sample
fd779cdaf48d63ec3a74744fd179aac0.exe
Resource
win7-en-20210920
Malware Config
Extracted
lokibot
Targets
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-