General
-
Target
e87293828706a189ffece3665370e6c94a67cbbbe9c68bac5442e893b1b0fec0.exe
-
Size
636KB
-
Sample
211203-n7t8lsgdgk
-
MD5
0085cf25325f1c53e0ef357283b6e064
-
SHA1
6529b7166db11aec6493b6772212c8a9562a65fd
-
SHA256
e87293828706a189ffece3665370e6c94a67cbbbe9c68bac5442e893b1b0fec0
-
SHA512
4703927b91b84a42417e0ed52675e5d0eebdf453c6fa421d2461e6950d643a093e62d4fa48404fc96ad5c937ee6dd079f111059abcc0254b7c4ea3608776d07e
Static task
static1
Behavioral task
behavioral1
Sample
e87293828706a189ffece3665370e6c94a67cbbbe9c68bac5442e893b1b0fec0.exe
Resource
win7-en-20211014
Malware Config
Extracted
lokibot
http://secure01-redirect.net/gb16/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e87293828706a189ffece3665370e6c94a67cbbbe9c68bac5442e893b1b0fec0.exe
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-