General
-
Target
900412d2feaf6d59fb84d51f31945d6a0d78d9155d9d12d11687152d2bb2b6b0.exe
-
Size
1.0MB
-
Sample
220514-q5kbqscchp
-
MD5
e310499d46f5ec0029eebafdd266599e
-
SHA1
d3f5de03a9d12707486dbc195fe84bb7633d1e26
-
SHA256
900412d2feaf6d59fb84d51f31945d6a0d78d9155d9d12d11687152d2bb2b6b0
-
SHA512
8c6776b589a5bea50f6fa71ea3526b1e3df61736fb5d4a98c5649043b35dcccc31931d0389ae6c1caa2aff664bd812f0a4bbf56c9abe878ec74d5e40acea1f4c
Static task
static1
Behavioral task
behavioral1
Sample
900412d2feaf6d59fb84d51f31945d6a0d78d9155d9d12d11687152d2bb2b6b0.exe
Resource
win7-20220414-en
Malware Config
Extracted
lokibot
http://45.133.1.20/uche/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-