General
- Target: 7d9c140a94dedd26d05573128e33e224a7fc3b18c672035298624a28c7825844.exe
- Size: 178KB
- Sample: 220514-q5kmhaaaa8
- MD5: 8b9e4e9b0b4d1548e9ea574d984991d4
- SHA1: 1f0fc269e198d87d713cdabbe22e210c841867c3
- SHA256: 7d9c140a94dedd26d05573128e33e224a7fc3b18c672035298624a28c7825844
- SHA512: e727804560dc1b0d8f2a6bc8a75b82e28b10dcf8a004437f333fb8d0a49f053eb2926473cb4552282a3dfe03c7a1f8f109ea5de244c7b92a9a478371f1366816
Static task: static1
Behavioral task: behavioral1
- Sample: 7d9c140a94dedd26d05573128e33e224a7fc3b18c672035298624a28c7825844.exe
- Resource: win7-20220414-en
Malware Config
Extracted: lokibot
- http://37.0.11.227/sarag/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: 7d9c140a94dedd26d05573128e33e224a7fc3b18c672035298624a28c7825844.exe
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext