General
-
Target
a852767012d33e903f2c89250083962d52dffc8b8575462634630fb806d73a06.exe
-
Size
527KB
-
Sample
211204-abpflahegq
-
MD5
6e9d0244c9fe8f7886c85b1ee6457a57
-
SHA1
0b46ba43e7864d02502a54e3d638a1bd5f950e77
-
SHA256
a852767012d33e903f2c89250083962d52dffc8b8575462634630fb806d73a06
-
SHA512
683baa48c9de850f9374a33767d748526a78daf63ef373e0fc8f2d1ae3e336cb8ef78f47f688b9d6eef16627454e14c783baae2407c46cd6a4a949751a3f6819
Static task
static1
Behavioral task
behavioral1
Sample
a852767012d33e903f2c89250083962d52dffc8b8575462634630fb806d73a06.exe
Resource
win7-en-20211014
Malware Config
Extracted
lokibot
http://exinmbakala.xyz/abu/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
a852767012d33e903f2c89250083962d52dffc8b8575462634630fb806d73a06.exe
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-