General
Target: New Order Amendment.exe
Size: 1.2MB
Sample: 211206-kpv6eadfcj
MD5: 03540780ecfda1f881050621bdf1cf03
SHA1: 95e904093ca8ed51ebb05508f75b1d30b03f20b3
SHA256: 44d0cf2a33b1d54e4f78404b7fc2b41f6ea4801aa3cc6650e757c8e6100f18a5
SHA512: cf0e542bfb01185eb0ea6437e80dde2f39ef00ba179b758a116da6ed2078c7f46fffc03c2108d5bc4597e18171663754db1af90c30f512becb5c2db8d8283bb9
Static task: static1
Behavioral task: behavioral1
Sample: New Order Amendment.exe
Resource: win7-en-20211104
Malware Config
Extracted
lokibot
http://secure01-redirect.net/gb19/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: New Order Amendment.exe
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext