General
-
Target
68d5f38cf9d5f63d9d59335905a5576ff8820fd26d3d4844641fcb6ab9e56170.exe
-
Size
1.2MB
-
Sample
211206-wl3lvsegbq
-
MD5
0fba6afb19495cba62963b857eee6fc6
-
SHA1
5ad0f82cf536388a812c3441349c99d5602ed46e
-
SHA256
68d5f38cf9d5f63d9d59335905a5576ff8820fd26d3d4844641fcb6ab9e56170
-
SHA512
e9241b2b0aa3ec71b782e9cc17a7f68ebac92e6a041223e05c05f73a68a23f819c33f651f5fbf719a8f624173216795d87efa80303808e9df5b5c06a0ce89722
Static task
static1
Behavioral task
behavioral1
Sample
68d5f38cf9d5f63d9d59335905a5576ff8820fd26d3d4844641fcb6ab9e56170.exe
Resource
win7-en-20211014
Malware Config
Extracted
lokibot
http://secure01-redirect.net/gb11/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
68d5f38cf9d5f63d9d59335905a5576ff8820fd26d3d4844641fcb6ab9e56170.exe
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-