General
Target: 7e7fb389420084c8d186307502d05cb767293ec80fddabb73d7b1fe9e3654bcb.exe
Size: 179KB
Sample: 220514-q5jp7shhh2
MD5: f5f2de5391dc5dc8d55697ecc2d85e0a
SHA1: fedf81c45aeb814ed5afb667f95168bdb39e1c7c
SHA256: 7e7fb389420084c8d186307502d05cb767293ec80fddabb73d7b1fe9e3654bcb
SHA512: cf79d23f06f4954304545fe1b246892ed9140622a314b0e2d5a8c2f757758f5b45fbfa7b931377e6687c454e979daf96606c86d69061f050fb1b501a02473176
Static task: static1
Behavioral task: behavioral1
Sample: 7e7fb389420084c8d186307502d05cb767293ec80fddabb73d7b1fe9e3654bcb.exe
Resource: win7-20220414-en
Malware Config
Extracted family: lokibot
C2:
http://62.197.136.176/liyan/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 7e7fb389420084c8d186307502d05cb767293ec80fddabb73d7b1fe9e3654bcb.exe
Size: 179KB
MD5: f5f2de5391dc5dc8d55697ecc2d85e0a
SHA1: fedf81c45aeb814ed5afb667f95168bdb39e1c7c
SHA256: 7e7fb389420084c8d186307502d05cb767293ec80fddabb73d7b1fe9e3654bcb
SHA512: cf79d23f06f4954304545fe1b246892ed9140622a314b0e2d5a8c2f757758f5b45fbfa7b931377e6687c454e979daf96606c86d69061f050fb1b501a02473176
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
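The following is an added example, not part of the sandbox report or the sandbox's own tooling: it takes the C2 URLs from the extracted config above, derives host and path indicators from them, and runs those indicators, together with the User-Agent behaviour the "LokiBot User-Agent (Charon/Inferno)" signature refers to (the "Mozilla/4.08 (Charon; Inferno)" string LokiBot sends) and the "Fake 404 Response" behaviour (the C2 answers a successful POST with HTTP 404), over constructed proxy log lines. It also checks a file's digests against the hashes listed in the report before analysis. The tab-separated log layout, the client addresses and the timestamps are constructed for the example and are not a real product's format or real traffic.

```python
"""Added example (not part of the sandbox report): turn the extracted LokiBot C2
config into indicators and run them over constructed proxy log lines."""
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample's config in the report.
C2_URLS = [
    "http://62.197.136.176/liyan/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Hashes listed in the report for the sample.
REPORTED_HASHES = {
    "md5": "f5f2de5391dc5dc8d55697ecc2d85e0a",
    "sha1": "fedf81c45aeb814ed5afb667f95168bdb39e1c7c",
    "sha256": "7e7fb389420084c8d186307502d05cb767293ec80fddabb73d7b1fe9e3654bcb",
    "sha512": "cf79d23f06f4954304545fe1b246892ed9140622a314b0e2d5a8c2f757758f5b"
              "45fbfa7b931377e6687c454e979daf96606c86d69061f050fb1b501a02473176",
}

# The ET signature "LokiBot User-Agent (Charon/Inferno)" refers to the
# "Mozilla/4.08 (Charon; Inferno)" User-Agent LokiBot sends; match loosely on
# both tokens so minor variants are still caught.
LOKIBOT_UA = re.compile(r"Charon.*Inferno", re.IGNORECASE)


def hash_matches(data: bytes) -> dict:
    """Per algorithm, whether `data` hashes to the value in the report.
    Run this on your copy of the file before analysis to confirm it is the
    same sample the report describes."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in REPORTED_HASHES.items()
    }


def extract_indicators(urls):
    """Split C2 URLs into host and path indicator sets (hosts lower-cased)."""
    hosts = {urlparse(u).hostname.lower() for u in urls}
    paths = {urlparse(u).path for u in urls}
    return hosts, paths


def parse_proxy_line(line: str) -> dict:
    """Parse a tab-separated record: ts, client, method, url, status, user-agent.
    This layout is a constructed convention for the example, not a real format."""
    ts, client, method, url, status, ua = line.rstrip("\n").split("\t", 5)
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "ua": ua}


def classify(rec: dict, hosts: set, paths: set) -> list:
    """Reasons a record looks like LokiBot C2 traffic (empty list if none)."""
    parsed = urlparse(rec["url"])
    host = (parsed.hostname or "").lower()
    reasons = []
    if host in hosts:
        reasons.append("c2-host")
    if parsed.path in paths:
        reasons.append("c2-path")
    if LOKIBOT_UA.search(rec["ua"]):
        reasons.append("lokibot-ua")
    # LokiBot C2 servers answer a successful POST with HTTP 404 (the
    # "Fake 404 Response" signature): a 404 to a POST at a known C2 host means
    # the exfiltration worked, not that the server is gone.
    if host in hosts and rec["method"] == "POST" and rec["status"] == 404:
        reasons.append("fake-404-response")
    return reasons


def scan(lines, urls=C2_URLS) -> list:
    """(line_number, client, reasons) for every line that matches an indicator."""
    hosts, paths = extract_indicators(urls)
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_proxy_line(line)
        reasons = classify(rec, hosts, paths)
        if reasons:
            hits.append((n, rec["client"], reasons))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2022-05-14T10:01:03Z\t10.0.0.21\tGET\thttp://example.com/index.html\t200\tMozilla/5.0 (Windows NT 6.1)",
    "2022-05-14T10:02:17Z\t10.0.0.21\tPOST\thttp://62.197.136.176/liyan/five/fre.php\t404\tMozilla/4.08 (Charon; Inferno)",
    "2022-05-14T10:02:19Z\t10.0.0.21\tPOST\thttp://KBFVZOBOSS.bid/alien/fre.php\t404\tMozilla/4.08 (Charon; Inferno)",
    "2022-05-14T10:05:40Z\t10.0.0.37\tGET\thttp://example.org/alien/fre.php\t200\tMozilla/5.0 (Windows NT 6.1)",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
    print(hash_matches(b"placeholder bytes, not the sample"))
```

The fourth constructed line only matches on path: "/alien/fre.php" is shared by four of the five C2s and is a reasonable hunting pivot for hosts the config did not list, but on its own it is weaker evidence than a host or User-Agent hit, which is why the reasons are returned as a list rather than a single verdict.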