General
-
Target
fd0a42afaecfda32493063d664918e84688419a604f8b00c4113ca85dc8a193a
-
Size
306KB
-
Sample
211201-whv3lseehn
-
MD5
d0fc2f15a3a4e69b737217ee57b52d09
-
SHA1
ce4dffbc0a397d8464d3000b5ef931d352b2309a
-
SHA256
fd0a42afaecfda32493063d664918e84688419a604f8b00c4113ca85dc8a193a
-
SHA512
690d745cb08761addb66a43a916c79dbcdec9a2ecfcd77f3f5d2385392a1a3f75448e04c58d4f3d9267fcf41b5b19da9a35cfe56ac23f69667f60f2d592eb341
Static task
static1
Malware Config
Extracted
lokibot
http://secure01-redirect.net/fx/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
fd0a42afaecfda32493063d664918e84688419a604f8b00c4113ca85dc8a193a
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-