General
Target: 5218080ebe69d63196e24cb2d9a08008e5cac324073b13a29f2b660be7398cc1
Size: 270KB
Sample: 211029-gphzasheal
MD5: d031d354378993ddf3aca597f723b301
SHA1: b6a6ed3df049e756d57d8d19a22e124b2672ee1c
SHA256: 5218080ebe69d63196e24cb2d9a08008e5cac324073b13a29f2b660be7398cc1
SHA512: c345a0d66fc8ba3a434e3678f183575cc7de1bebdea2f3474090d28deacb82ce7ecb3f14ee66bfa1df453eee90de9c2a79270aa5e538d1996050f786c3ed51ee
Static task
static1
Malware Config
Extracted
lokibot
http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
5218080ebe69d63196e24cb2d9a08008e5cac324073b13a29f2b660be7398cc1
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext