General
-
Target
pago del 01.12.2021.PDF_____________________________.js
-
Size
1KB
-
Sample
211203-tctaqaghgq
-
MD5
d89c508841994d017cc46a9fe06c5b15
-
SHA1
cd400790eb9cc5b1917ec5eb4040b582d9c732cd
-
SHA256
51b58306d8cc428dd0da0c690d069d9e232aa83781c531c3ebbe977768f12dc9
-
SHA512
60114b6cfdfdf902537ecfac714a98fe0def512e8d1bbecf1c246402d18b890148108ea136f38ce0b5ddda3f629038372583e66cc9e07b81360b2012a76cc22d
Static task
static1
Behavioral task
behavioral1
Sample
pago del 01.12.2021.PDF_____________________________.js
Resource
win7-en-20211104
Malware Config
Extracted
lokibot
http://secure01-redirect.net/fx/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
pago del 01.12.2021.PDF_____________________________.js
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-