General
-
Target
ebaf88aae6aaecb97f4db6d8f8856a7161ed15adfc45839e78761470d6ccc80a
-
Size
314KB
-
Sample
211103-yr68cabghp
-
MD5
3d4741d42ff06991b16651f857333dce
-
SHA1
3cdd5dfd96d696e9070b52bd994ffd4eda6b25d0
-
SHA256
ebaf88aae6aaecb97f4db6d8f8856a7161ed15adfc45839e78761470d6ccc80a
-
SHA512
b88c7fc19acd20bc50a09c7555283869b48c00820ff9ad3c9d4c48fc9bd111ce70469903562a3040c6dde7266cfd35b7907435a53165a52e3c5d41f0881af444
Static task
static1
Behavioral task
behavioral1
Sample
ebaf88aae6aaecb97f4db6d8f8856a7161ed15adfc45839e78761470d6ccc80a.exe
Resource
win10-en-20210920
Malware Config
Extracted
lokibot
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
ebaf88aae6aaecb97f4db6d8f8856a7161ed15adfc45839e78761470d6ccc80a
-
Size
314KB
-
MD5
3d4741d42ff06991b16651f857333dce
-
SHA1
3cdd5dfd96d696e9070b52bd994ffd4eda6b25d0
-
SHA256
ebaf88aae6aaecb97f4db6d8f8856a7161ed15adfc45839e78761470d6ccc80a
-
SHA512
b88c7fc19acd20bc50a09c7555283869b48c00820ff9ad3c9d4c48fc9bd111ce70469903562a3040c6dde7266cfd35b7907435a53165a52e3c5d41f0881af444
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-