General
-
Target
e9523f62177970ce7d70a44b499310ca51cfdd9d478237184a8743a70b4f0dc4.exe
-
Size
243KB
-
Sample
211029-n9jvnahhhl
-
MD5
4eca9ad029e51e378913376e9b1e3a56
-
SHA1
213f9cd1fa7df5d0a85cf6d91614bfbbfbc232bc
-
SHA256
e9523f62177970ce7d70a44b499310ca51cfdd9d478237184a8743a70b4f0dc4
-
SHA512
b5a5b3628dcaad3ce5e76acda439421bda4c117949aa44af82961bd2af5ff5c976c7a42e4e4716a1e66c35ef1957689a03de3fa14cfc535336e2a66b280656b0
Static task
static1
Behavioral task
behavioral1
Sample
e9523f62177970ce7d70a44b499310ca51cfdd9d478237184a8743a70b4f0dc4.exe
Resource
win7-en-20211014
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=9773219
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-