General
Target: Dhl_TY908.exe
Size: 397KB
Sample: 211029-gd99eahdhl
MD5: a7cd314508813b4d8712c8cb7acc08d4
SHA1: 66c60a2dd839bd633d0461ba765af3e0457a9ff0
SHA256: 1442be62f4542cef5450029ebc729556b0cd8c303182b926f37a0f3b153a2935
SHA512: 2ec51f0d4d05d79c412ccba749baf863207dfb81af49adefd6ec4cf6bded1df044e4b47a882cef58322d63563b39cb8b2bbfb20158fbba72f6869778f8672ff4
Static task: static1
Behavioral task: behavioral1
Sample: Dhl_TY908.exe
Resource: win7-en-20210920
Malware Config
Extracted: lokibot
http://63.250.40.204/~wpdemo/file.php?search=8376882
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Dhl_TY908.exe
Size: 397KB
MD5: a7cd314508813b4d8712c8cb7acc08d4
SHA1: 66c60a2dd839bd633d0461ba765af3e0457a9ff0
SHA256: 1442be62f4542cef5450029ebc729556b0cd8c303182b926f37a0f3b153a2935
SHA512: 2ec51f0d4d05d79c412ccba749baf863207dfb81af49adefd6ec4cf6bded1df044e4b47a882cef58322d63563b39cb8b2bbfb20158fbba72f6869778f8672ff4
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext