General
Target: 025f5e28112d8e1bc917f5ef82c22d40f8c0c9afc9d630945e113c9d337a1236.exe
Size: 440KB
Sample: 211029-gsnzqaheaq
MD5: 3e9e2b7c0a03383e0d026fdeb257109c
SHA1: 74dafa9bbb2a85417618e6d1ed68b79ec8ff4cc5
SHA256: 025f5e28112d8e1bc917f5ef82c22d40f8c0c9afc9d630945e113c9d337a1236
SHA512: 82ab0534c097389301cb6c695c8583e285ec9a7c9de67b8c4b9ace399361e28498d395aa8329f3605a08ff2822f19b9811e6b0239768ccf02b75c1b540623b84
Static task: static1
Behavioral task: behavioral1
Sample: 025f5e28112d8e1bc917f5ef82c22d40f8c0c9afc9d630945e113c9d337a1236.exe
Resource: win7-en-20210920
Malware Config
Extracted
lokibot
http://ab-services.ma/COPYRIGHT/img/frodo/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext