General
-
Target
701bb01a18a334705d23c8a03cbf85472adf5df3db38f8791c24d07e42cf6d5e.exe
-
Size
315KB
-
Sample
211203-n7t8lsgdgl
-
MD5
591666945b491491a62484957aaf37fa
-
SHA1
7cffa415fdce4d07c39f10478f09039e3a537da9
-
SHA256
701bb01a18a334705d23c8a03cbf85472adf5df3db38f8791c24d07e42cf6d5e
-
SHA512
5cebdd25a26c76b9817904a3657dd42859532a33c2bbcdefb153e4e846bb2bbe87d40cc293b59470715b6331ce91ae0d318b7f3b2f019c63a1efe24cd801d621
Static task
static1
Behavioral task
behavioral1
Sample
701bb01a18a334705d23c8a03cbf85472adf5df3db38f8791c24d07e42cf6d5e.exe
Resource
win7-en-20211104
Malware Config
Extracted
lokibot
http://63.250.34.171/tickets.php?id=539
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-