General
Target: 1aadfc0d778b0d7bb238840a64991ea77998ca45c480280ed3945ecd2d29649f.exe
Size: 448KB
Sample: 220514-q5j1zahhh7
MD5: eda9b73de6a05c0f227ca888ecdb7e9d
SHA1: 9b407c23a5824cf8391a633f83cf7f31c1962d55
SHA256: 1aadfc0d778b0d7bb238840a64991ea77998ca45c480280ed3945ecd2d29649f
SHA512: d7e1b9c64149d5cfdefe7a5f69bf67a364e23f34db4645ff8430592258aa3b0c0da9ba318d34ae45c6859086039af4213bc641af5c6c0c3e3f3f32761995948b
Static task: static1
Behavioral task: behavioral1
Sample: 1aadfc0d778b0d7bb238840a64991ea77998ca45c480280ed3945ecd2d29649f.exe
Resource: win7-20220414-en
Malware Config
Extracted family: lokibot
C2 URLs:
http://198.187.30.47/p.php?id=21645050038542306
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 1aadfc0d778b0d7bb238840a64991ea77998ca45c480280ed3945ecd2d29649f.exe
Size: 448KB
MD5: eda9b73de6a05c0f227ca888ecdb7e9d
SHA1: 9b407c23a5824cf8391a633f83cf7f31c1962d55
SHA256: 1aadfc0d778b0d7bb238840a64991ea77998ca45c480280ed3945ecd2d29649f
SHA512: d7e1b9c64149d5cfdefe7a5f69bf67a364e23f34db4645ff8430592258aa3b0c0da9ba318d34ae45c6859086039af4213bc641af5c6c0c3e3f3f32761995948b
Signatures:
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext