General
-
Target
1c909356c2c0df3d17d1b2694be16f5ab2be10efda79c6faff748661f4757127
-
Size
969KB
-
Sample
220415-bgnxpafefm
-
MD5
c6b02852889de04f1349ffcef5e64054
-
SHA1
b9ac7e3db5a4fc23c80eac135e6b781b56998e96
-
SHA256
1c909356c2c0df3d17d1b2694be16f5ab2be10efda79c6faff748661f4757127
-
SHA512
c77c20cd877a71850cda9255cab39fac7eaa0208822cc8b8cf3ae7789d46f2f0c13db730839f8e3988123f1ce254c53d0d6f8696e615b4e9fe0a586d5f0eae66
Static task
static1
Behavioral task
behavioral1
Sample
1c909356c2c0df3d17d1b2694be16f5ab2be10efda79c6faff748661f4757127.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1c909356c2c0df3d17d1b2694be16f5ab2be10efda79c6faff748661f4757127.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://oziltestfw.ml/officem10/logs/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
1c909356c2c0df3d17d1b2694be16f5ab2be10efda79c6faff748661f4757127
-
Size
969KB
-
MD5
c6b02852889de04f1349ffcef5e64054
-
SHA1
b9ac7e3db5a4fc23c80eac135e6b781b56998e96
-
SHA256
1c909356c2c0df3d17d1b2694be16f5ab2be10efda79c6faff748661f4757127
-
SHA512
c77c20cd877a71850cda9255cab39fac7eaa0208822cc8b8cf3ae7789d46f2f0c13db730839f8e3988123f1ce254c53d0d6f8696e615b4e9fe0a586d5f0eae66
-
Meta Stealer Stealer
Meta Stealer steals passwords stored in browsers, written in C++.
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-