General
-
Target
6f4be74e6b284f46d391aab956b83bf8ffdaf98cccdb8be8aa1648684b4ee678.exe
-
Size
318KB
-
Sample
211029-n9jvnahhhp
-
MD5
aac9bf3c9c487501cd28edbd064d0709
-
SHA1
4a25855089089974c225c28b823db3c1ce871d2a
-
SHA256
6f4be74e6b284f46d391aab956b83bf8ffdaf98cccdb8be8aa1648684b4ee678
-
SHA512
00d99b93a1c7ad0f6a375737a3d24259b99e36cad87ad758bde3b38e46d0fb12d7bb29ef839a6706f8faf800cd5765e50e96a1b8bc6aaa9091528125244093b9
Static task
static1
Behavioral task
behavioral1
Sample
6f4be74e6b284f46d391aab956b83bf8ffdaf98cccdb8be8aa1648684b4ee678.exe
Resource
win7-en-20210920
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=6554483
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-