General
Target: 3240c6a8e8bcd54b5648d946e7733ed64e1797930c44bb9067f562a46cc43594
Size: 957KB
Sample: 211207-pkwzcshbcn
MD5: 5daed0944dd819b217f4822ba6b9b15e
SHA1: 40b1bd62d71e5829f50786644eb2a2cfdcdb37b4
SHA256: 3240c6a8e8bcd54b5648d946e7733ed64e1797930c44bb9067f562a46cc43594
SHA512: 1646fea50bca689f7c25bfb2eab031b1bc3daea49fa49d3938086f3c8229a301a796533a0c2349f8784b8e2a4dafd40059b2724bc53189bbfb4a26fdaeb972ed
Static task
static1
Malware Config
Extracted
lokibot
http://63.250.34.171/tickets.php?id=542
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext