General
-
Target
c2c509a61a1d811d29ade6067e54c011
-
Size
400KB
-
Sample
211029-hamjlshecm
-
MD5
c2c509a61a1d811d29ade6067e54c011
-
SHA1
d012fba0f39a14ca051e84f4cba078c52777dceb
-
SHA256
8e485f57dd58369854070e6626690f77c1fbb8bf7dace3930897b9f9eb35e5d1
-
SHA512
3d6dfef8df16f9b7cb7ba98576c98237dbf010d58104aaa43f759ebb5cc13600518ce3de6450ae8f283643ce1cef7cb56624fd028752c8e33eca88a1e0751140
Static task
static1
Behavioral task
behavioral1
Sample
c2c509a61a1d811d29ade6067e54c011.exe
Resource
win7-en-20211014
Malware Config
Extracted
lokibot
http://secure01-redirect.net/ga14/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
c2c509a61a1d811d29ade6067e54c011
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-