General
-
Target
MD09575646733.BAT.exe
-
Size
925KB
-
Sample
211207-hamjlsgbcp
-
MD5
19ff8a218d43a58137faebc2f06938e4
-
SHA1
6c9c09d7a7cb43476c67ca83dad2f45e3c4f57a3
-
SHA256
92850b0540932a668f679582c98d67aca4149d45bcad96dc393078b954b4a622
-
SHA512
a7a8499e8fd749c93d0f989f77185eb430e68bbf4d3aecc1587378ecb87aa1b0eecc2eba131a526fe6432467b46b2db792b163be4d74de56f2201e83e10d8bed
Static task
static1
Behavioral task
behavioral1
Sample
MD09575646733.BAT.exe
Resource
win7-en-20211104
Malware Config
Extracted
lokibot
http://lokaxz.xyz/dx/video.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
MD09575646733.BAT.exe
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-