General
Target: sUTU8qA36YWUnuy.exe
Size: 903KB
Sample: 211207-c6fhaafgbk
MD5: e9b1654b791f75595bbd5de696d8237b
SHA1: 6bd2875b79ba0f68b7e973ec9f76d046e7a162d7
SHA256: dbb841aa94ab0edf2f9a31fd5c329cead1f72eb5c90e03ff5b5018b62c37b83e
SHA512: 58b786d679f18cb90fa84ea9e1c72dadda0eaef60de885b9914dffb89f7bd29274089151cbc001e2e2460e8129c2ad2985952a188d4a49dd387c8393b4657dff
Static task: static1
Behavioral task: behavioral1
Sample: sUTU8qA36YWUnuy.exe
Resource: win7-en-20211104
Malware Config
Extracted
lokibot
http://63.250.34.171/tickets.php?id=505
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: sUTU8qA36YWUnuy.exe
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext