General
Target: bf918a307f306ab901fe1846aee351aa18e51920d45a908339a5eb95a6466ca4.exe
Size: 586KB
Sample: 211201-wnt3haefdp
MD5: effcf5955cebbeb7a830ca594140c3b6
SHA1: e7fef6117f1b2aa096c7d8c1eefc5b95a5ff98b3
SHA256: bf918a307f306ab901fe1846aee351aa18e51920d45a908339a5eb95a6466ca4
SHA512: 549ec0a6cf89507510002b74ded5bbb239e5d40d744acb184e2378b83d7b4079468e8b0653408f71f36df945425e19eff37de3b6630d05c13192474490746d6b
Static task: static1
Behavioral task: behavioral1
Sample: bf918a307f306ab901fe1846aee351aa18e51920d45a908339a5eb95a6466ca4.exe
Resource: win7-en-20211014
Malware Config
Extracted
lokibot
http://63.250.34.171/tickets.php?id=552
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: bf918a307f306ab901fe1846aee351aa18e51920d45a908339a5eb95a6466ca4.exe
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext