General
Target: 86cabcae1b3d5779f400b12864dfb386e8ac6beb3982f8d4c5e79dcbd79b9306
Size: 402KB
Sample: 211206-k722nsdfer
MD5: 9686187fd7e4a6d9e3dba1f569c79832
SHA1: 21a5d5828090e9c7e3c351a2703e893cb89790a5
SHA256: 86cabcae1b3d5779f400b12864dfb386e8ac6beb3982f8d4c5e79dcbd79b9306
SHA512: bfbb4409b0476ac6cfd0577c00d809a127eb45cc7657a3678da21a3782060723fc32e8cbc04e085ba48ba2f08ab240dcb624e236b0e0c0da1b399cbb14101852
Static task
static1
Malware Config
Extracted
lokibot
http://secure01-redirect.net/fd3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 86cabcae1b3d5779f400b12864dfb386e8ac6beb3982f8d4c5e79dcbd79b9306
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext