General
-
Target
4f68d7352e104d5eac36c27fd94ebd352aae06cc335f363df2f9de78933ed92d.exe
-
Size
1.2MB
-
Sample
211206-papgjaeabk
-
MD5
69e50153619ce219aa8b526cc8c6cb1d
-
SHA1
7a5429ca50ce7d5cc462a0d26127a179259113d6
-
SHA256
4f68d7352e104d5eac36c27fd94ebd352aae06cc335f363df2f9de78933ed92d
-
SHA512
ed377cd25ed5e6e3a0e2b8489c03f444f9a968ee0c59cc83be7f9c7744b916368d2c9aa2282a0fa79de7fff790a0ca4aa21986a200c004a89fbd12585bf96798
Static task
static1
Behavioral task
behavioral1
Sample
4f68d7352e104d5eac36c27fd94ebd352aae06cc335f363df2f9de78933ed92d.exe
Resource
win7-en-20211104
Malware Config
Extracted
lokibot
http://umuloki.xyz/xx/za/nn.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-