General
Target: a9ffbe69538bcd014f6c7b1606c3df5781d369cf4386240ab1a788e9a2f99935.exe
Size: 178KB
Sample: 220514-q5jp7shhh3
MD5: 2c24fa42140a8a16f3777173a2d3f0ab
SHA1: a11c097a2317d636ee095ccb94ee9d6c96934eda
SHA256: a9ffbe69538bcd014f6c7b1606c3df5781d369cf4386240ab1a788e9a2f99935
SHA512: 267151d9b75fd3976f55a2119c4218960d89e351afea397eb34877ae1ff9d5c3fb1d094875b695b6ce509b59acf619a18e2a3a97673fd5a15b520635e211494c
Static task: static1
Behavioral task: behavioral1
Sample: a9ffbe69538bcd014f6c7b1606c3df5781d369cf4386240ab1a788e9a2f99935.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
http://sempersim.su/gf17/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: a9ffbe69538bcd014f6c7b1606c3df5781d369cf4386240ab1a788e9a2f99935.exe
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext