General
Target: 130ee8bc9ad77f55f3e383e5644d43291e50ada047b1708bad48339d89c6b20f.exe
Size: 479KB
Sample: 211202-abl1gahaep
MD5: a460c11539913fd882589010f1d8acd2
SHA1: 80cfa85456e4d77defdf558ccb611c73de1fbacf
SHA256: 130ee8bc9ad77f55f3e383e5644d43291e50ada047b1708bad48339d89c6b20f
SHA512: 145385f5efd0fd222c15da26e70f2a81dbb1ff0d28c8d69e6495b66b6ebc2b0a7566d8c8d2146a5d7abbc955f59614913fda8c976ce760520ff8f13ca5825269
Static task: static1
Behavioral task: behavioral1
Sample: 130ee8bc9ad77f55f3e383e5644d43291e50ada047b1708bad48339d89c6b20f.exe
Resource: win7-en-20211104
Malware Config
Extracted
lokibot
http://lokich.xyz/icecobe/so/lc.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 130ee8bc9ad77f55f3e383e5644d43291e50ada047b1708bad48339d89c6b20f.exe
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext