General
- Target: e9f5d0b6532e6aa52de8594a452d67b6f9e367874c856e5d5a5cbab17bc8acaf.exe
- Size: 432KB
- Sample: 220514-q5j1zacchn
- MD5: 6911ec32bc2a1c198b1f62360bbced20
- SHA1: 43247388dbf63c56ef9a6e0cd3566af79f69a20d
- SHA256: e9f5d0b6532e6aa52de8594a452d67b6f9e367874c856e5d5a5cbab17bc8acaf
- SHA512: b2740d3d8414e195493ef226c46b81a78f4dbf63ad2083e7891758509c9cfcfae0151632737bdc0aca59e14d145aab1615b310f5c139c5eee93bd1a7f343f0ba
- Static task: static1
- Behavioral task: behavioral1
- Sample: e9f5d0b6532e6aa52de8594a452d67b6f9e367874c856e5d5a5cbab17bc8acaf.exe
- Resource: win7-20220414-en
Malware Config
- Extracted: lokibot
- URLs:
  http://198.187.30.47/p.php?id=16819775001048824
  http://kbfvzoboss.bid/alien/fre.php
  http://alphastand.trade/alien/fre.php
  http://alphastand.win/alien/fre.php
  http://alphastand.top/alien/fre.php
Targets
- Target: e9f5d0b6532e6aa52de8594a452d67b6f9e367874c856e5d5a5cbab17bc8acaf.exe
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext