General
-
Target
vbc (1).exe
-
Size
368KB
-
Sample
220116-nhh42sffhp
-
MD5
39a6683b9b279f662f90e1fa6b651c82
-
SHA1
6820838b0de135a5f83d817f16d7119176c6f083
-
SHA256
a15aa89da9f5f87dad62333dca4d34358a10dc939ba64479d01a46675276bbac
-
SHA512
3783c627fcf5c3ab970691d20f7d1b981528b42a447184a53b11e7d2425704539a82a580dfa83ce3c9514c58228d3c4ef8b588312deb8ff7180164291b318c57
Static task
static1
Behavioral task
behavioral1
Sample
vbc (1).exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
vbc (1).exe
Resource
win10-en-20211208
Behavioral task
behavioral3
Sample
vbc (1).exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
lokibot
http://mangeruio.ir/oluwa/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
vbc (1).exe
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-