General
-
Target
4fb2f672e188592f43da7b4c6d64e80e
-
Size
405KB
-
Sample
211029-kceynahffq
-
MD5
4fb2f672e188592f43da7b4c6d64e80e
-
SHA1
f42cad0fb2a08fb7cfb9680a480b778ed46bea1e
-
SHA256
f53dc97b91a6942d8e2d94427056b28fdd9c01cde939029dcb3843d6b7ae129f
-
SHA512
550ab5479fdf2d73940de664a863a016cf722e2bf2ad47f21fbe449c0fce9945139b9a4ef5d67bfa86f1a1c239d08e26b9e236ad5bb0b300a4ee1bd9a887b7a2
Static task
static1
Behavioral task
behavioral1
Sample
4fb2f672e188592f43da7b4c6d64e80e.exe
Resource
win7-en-20210920
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=9099522
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-