General
-
Target
aviso de pago del 01.12.2021.js
-
Size
1KB
-
Sample
211201-wh1m4aeehq
-
MD5
a72ddb16e0e559006f5ca0979b106d00
-
SHA1
dae0f29d09639c379646e43f47bce5bbda853e45
-
SHA256
f659f61db048294e47a6c0e868b2564559254de105e013ade05cbc8b9d87aff8
-
SHA512
011a0171e30d6fb71df7716287eca3c2f44067f984115f67726ba69a328bea6b2bd3a3b53a2752a8508ec00a69c9b1be3a1926072bdea7653d42a507d6cd7b14
Static task
static1
Behavioral task
behavioral1
Sample
aviso de pago del 01.12.2021.js
Resource
win7-en-20211104
Malware Config
Extracted
lokibot
http://secure01-redirect.net/fx/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
-
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-