General
Target: cd848603273b1d0f6227a7ef17180cc9
Size: 398KB
Sample: 211029-keqg6shfgl
MD5: cd848603273b1d0f6227a7ef17180cc9
SHA1: bfd18a52145c28096e64dc5505966370caf2371d
SHA256: 98ed85bf441ec79455c8f951b8f248c98a67c4271aa8890efecb6cf8fd60e773
SHA512: d83cd3416b8890c7ef8b964c54116439bc9ced29b4e594c8543ae6cb9b8d7d5afbb65ff17d60dce212af9c8458e1ab679d67557a3dd735d503080ac176dfd9f1
Static task: static1
Behavioral task: behavioral1
Sample: cd848603273b1d0f6227a7ef17180cc9.exe
Resource: win7-en-20210920
Malware Config
Extracted
lokibot
http://secure01-redirect.net/ga18/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext