General
-
Target
factura_Zx3647.exe
-
Size
404KB
-
Sample
211029-wgaehsaeam
-
MD5
2d84c31f7204880c4bdc3050c55e9713
-
SHA1
b69697ad7c29ab562b66e5a0b584fe2e5dbcb2bb
-
SHA256
e55e002c1aa73116f40522a48b98907b602fa263e66cf49967e8f87a6111110a
-
SHA512
181c626792db8cb78f54c99fbf181840ff300aa221d95a87cb3ee6c9e4bacf31465a0df931c145dd981808fb8cc1c971c878b8de9bd777d40157efadcb19908f
Static task
static1
Behavioral task
behavioral1
Sample
factura_Zx3647.exe
Resource
win7-en-20210920
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=8376882
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
factura_Zx3647.exe
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-