General
Target: 8f55cd87f94613eb7ea5e568c263cc3803378ab422bf31ceb7b7cc166bd9ad77.exe
Size: 177KB
Sample: 220514-q5kmhacdak
MD5: c33d399c78bbc6d5f34b50759ce3deda
SHA1: 3b78f12e5f3adf30b758942ae3bc08a3955d6e53
SHA256: 8f55cd87f94613eb7ea5e568c263cc3803378ab422bf31ceb7b7cc166bd9ad77
SHA512: 3276446bc72708dbafeac72f7c5fd83d78e5be3aed73bc65edb82d92d604e59d8be8306fc50b3d843b144a76718d762dfcbd47b86a9ec25ea3939cdd208c6bb7
Static task: static1
Behavioral task: behavioral1
Sample: 8f55cd87f94613eb7ea5e568c263cc3803378ab422bf31ceb7b7cc166bd9ad77.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
C2 URLs:
http://62.197.136.176/liyan/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 8f55cd87f94613eb7ea5e568c263cc3803378ab422bf31ceb7b7cc166bd9ad77.exe
Size: 177KB
MD5: c33d399c78bbc6d5f34b50759ce3deda
SHA1: 3b78f12e5f3adf30b758942ae3bc08a3955d6e53
SHA256: 8f55cd87f94613eb7ea5e568c263cc3803378ab422bf31ceb7b7cc166bd9ad77
SHA512: 3276446bc72708dbafeac72f7c5fd83d78e5be3aed73bc65edb82d92d604e59d8be8306fc50b3d843b144a76718d762dfcbd47b86a9ec25ea3939cdd208c6bb7
Suricata alerts:
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Behavioral signatures:
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
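The extracted C2 URLs and the Suricata alerts above are the two things a defender can act on immediately. The following script is an added example, not part of the sandbox report: it turns the extracted config into host and path indicators and runs them over HTTP proxy log lines, also flagging the LokiBot User-Agent and the fake-404 check-in pattern the Suricata rules are named after. The log lines are constructed for the demo; the User-Agent string and the 404 behaviour are assumptions about what the named rules match, since the report page does not print the rule bodies.

```python
import re
from urllib.parse import urlparse

# C2 URLs as extracted from the sample's lokibot config in the report above.
C2_URLS = [
    "http://62.197.136.176/liyan/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Assumption: the User-Agent the "LokiBot User-Agent (Charon/Inferno)"
# Suricata rule refers to. The report page does not print the rule body.
LOKIBOT_UA = "Mozilla/4.08 (Charon; Inferno)"

# Constructed proxy log layout for this demo:
# <ts> <client> <method> <url> <status> "<ua>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def build_indicators(urls):
    """Split the config URLs into a host set and a path set.

    Matching host and path separately means a line still fires when the
    operator rotates the domain but keeps the gate path (.../fre.php),
    or keeps the domain and moves the gate.
    """
    hosts, paths = set(), set()
    for u in urls:
        p = urlparse(u)
        if p.hostname:
            hosts.add(p.hostname.lower())
        paths.add(p.path)
    return hosts, paths


def classify(line, hosts, paths):
    """Return a hit record for one log line, or None if nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return None  # malformed line: skip rather than guess
    url = urlparse(m["url"])
    hits = []
    if (url.hostname or "").lower() in hosts:
        hits.append("c2-host")
    if url.path in paths:
        hits.append("c2-path")
    if m["ua"] == LOKIBOT_UA:
        hits.append("lokibot-ua")
    # Assumption: the gate answers a POST check-in with a 404 whose body
    # carries the command data (the "Fake 404 Response" rule). A 404 to an
    # already-suspicious POST is a corroborating signal, not a miss.
    if hits and m["method"] == "POST" and m["status"] == "404":
        hits.append("fake-404")
    return {"src": m["src"], "url": m["url"], "hits": hits} if hits else None


def scan(lines, urls=C2_URLS):
    """Scan an iterable of log lines and return every matching record."""
    hosts, paths = build_indicators(urls)
    results = []
    for line in lines:
        rec = classify(line, hosts, paths)
        if rec:
            results.append(rec)
    return results


# Constructed sample log: two LokiBot check-ins, one benign request, and
# one request that shares only the gate path with the extracted config.
SAMPLE_LOG = [
    '2022-05-14T10:01:03Z 10.0.0.15 POST http://alphastand.trade/alien/fre.php 404 "Mozilla/4.08 (Charon; Inferno)"',
    '2022-05-14T10:01:09Z 10.0.0.15 POST http://62.197.136.176/liyan/five/fre.php 404 "Mozilla/4.08 (Charon; Inferno)"',
    '2022-05-14T10:02:11Z 10.0.0.22 GET http://example.com/index.html 200 "Mozilla/5.0 (Windows NT 6.1)"',
    '2022-05-14T10:03:40Z 10.0.0.31 POST http://cdn.example.net/alien/fre.php 200 "Mozilla/5.0 (Windows NT 6.1)"',
]

if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        print(rec["src"], rec["url"], ",".join(rec["hits"]))
```

The path-only hit on the last sample line is deliberate: a lone `c2-path` match is worth a look but is not proof, whereas a record carrying `c2-host`, `lokibot-ua` and `fake-404` together is the same traffic the Suricata rules fired on and should be escalated. Adjust `LOG_RE` to your proxy's real log layout before pointing this at production data.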