General
-
Target
SecuriteInfo.com.W32.AIDetect.malware2.16115.22528
-
Size
331KB
-
Sample
220228-fp974seffp
-
MD5
b387b2bde14ad35ce0fea34ab540db93
-
SHA1
2ee731cecbf4dc498fa31705060fb5c8d258e015
-
SHA256
d53b16bb54e10bada1347a25db1ebc090d5822bf6285dc3d707bf4abb65e3ab5
-
SHA512
6af60c0c30fc70bc161cd1e8020a6f45c24e4edab3faace08dc3c85eb5b826e00dbd0b7a7c7a3e37a2e1eb50f8c59517d3e42335aeaf208256544fa6131814d6
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.AIDetect.malware2.16115.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
SecuriteInfo.com.W32.AIDetect.malware2.16115.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
lokibot
http://vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetect.malware2.16115.22528
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-