General
-
Target
b401c47efbcd7b41dae4bc47ce4fdc43.exe
-
Size
343KB
-
Sample
211029-kjkgqahfhm
-
MD5
b401c47efbcd7b41dae4bc47ce4fdc43
-
SHA1
ce2881bae7b9974e3b4037d946becabb8ce631cd
-
SHA256
99d9efe5477edafdec137e05fac1b92e37a4a2fde0d65d80859fe0fb046620b9
-
SHA512
8354ef39e6b96a3ec0b1027c14e2d0917778b53700fe488042ae2d570fe4a0d54b6ccfb505ebb9619777ac0292d3da51b3000bcaf097de462d07c6c4a924254a
Static task
static1
Behavioral task
behavioral1
Sample
b401c47efbcd7b41dae4bc47ce4fdc43.exe
Resource
win7-en-20210920
Malware Config
Extracted
lokibot
http://secure01-redirect.net/ga20/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
b401c47efbcd7b41dae4bc47ce4fdc43.exe
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-