General
Target: eec88ca50dfe87580123cd0d582b1196bc974efdbecb256d5e59dc52ca6d48d4.exe
Size: 532KB
Sample: 211206-papgjaeabj
MD5: 5cc6fc2f78336352bac6975edafa2c1a
SHA1: ccb86ddabe85e1ef348ff3dc5f24577040da5f28
SHA256: eec88ca50dfe87580123cd0d582b1196bc974efdbecb256d5e59dc52ca6d48d4
SHA512: 2625083acdf607189a41b24f9da874f37714d43318718b2e5291e0fb0651462ffee4c2b11f4f69884f85d222a0d8955158dacad0afb10226c92aa9d9b78b33a7
Static task: static1
Behavioral task: behavioral1
Sample: eec88ca50dfe87580123cd0d582b1196bc974efdbecb256d5e59dc52ca6d48d4.exe
Resource: win7-en-20211104
Malware Config
Extracted
lokibot
http://secure01-redirect.net/gb4/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: eec88ca50dfe87580123cd0d582b1196bc974efdbecb256d5e59dc52ca6d48d4.exe
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-