General
Target: f711d2623368f02a5857f7bc62e647800077b2abd9efe0b3040dcb0bac4a50c8.exe
Size: 310KB
Sample: 220521-jl29waahb9
MD5: 0c5c5af36d67e89a321bff54e6f6e431
SHA1: d894a2ab68371b6661468c6906648cd11f38ff32
SHA256: f711d2623368f02a5857f7bc62e647800077b2abd9efe0b3040dcb0bac4a50c8
SHA512: fcd788eb744423db5169362a11ca7a16408bb54fccb79ed375342e6715de92bb3dcfd4c93472f71ec9be14b9d97460f95a731f3a2865f0c51977644f6c7da9fd
Static task: static1
Behavioral task: behavioral1
Sample: f711d2623368f02a5857f7bc62e647800077b2abd9efe0b3040dcb0bac4a50c8.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
http://sempersim.su/gg1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
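The five URLs above are the gate endpoints the sample reports to, and the Suricata hits further down show what that traffic looks like on the wire. The block below is an added example, not part of the sandbox report, that turns those indicators into something a SOC can run: it matches constructed proxy log lines against the extracted C2 URLs, their hosts, the shared `fre.php` gate path, and the two tokens named in the ET signature "LokiBot User-Agent (Charon/Inferno)", and it generates one Suricata rule per C2 URL. The log line format, the sample lines, and the exact User-Agent string in them are assumptions; only the URLs and the signature name come from the page.

```python
"""Operationalise the extracted LokiBot config on this page.

Added example, not the sandbox's own code. The log line format below is
hypothetical and the sample lines are constructed; only the C2 URLs and the
ET signature name are taken from the report.
"""
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted config.
C2_URLS = [
    "http://sempersim.su/gg1/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}

# Tokens from the ET signature name "LokiBot User-Agent (Charon/Inferno)";
# matching both tokens case-insensitively avoids depending on exact spacing.
UA_TOKENS = ("charon", "inferno")

# Hypothetical proxy log format: <timestamp> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def classify(line):
    """Return the list of indicator categories one log line matches (empty if none)."""
    m = LOG_RE.match(line)
    if m is None:
        return []
    hits = []
    parts = urlsplit(m["url"])
    host = (parts.hostname or "").lower()
    if m["url"] in C2_URLS:
        hits.append("c2-url")          # full URL from the extracted config
    elif host in C2_HOSTS:
        hits.append("c2-host")         # same domain, different path (panel, staging)
    ua = m["ua"].lower()
    if all(tok in ua for tok in UA_TOKENS):
        hits.append("lokibot-ua")      # what the ET User-Agent rule keys on
    if m["method"] == "POST" and parts.path.endswith("/fre.php"):
        hits.append("fre.php-post")    # gate script name shared by all five C2s
    return hits


def scan(lines):
    """Return (line, hits) for every line that matched at least one indicator."""
    results = []
    for line in lines:
        hits = classify(line)
        if hits:
            results.append((line, hits))
    return results


def suricata_rule(url, sid):
    """Emit a Suricata HTTP rule (sticky-buffer syntax) for one C2 URL.

    Method, host and path are required together so that an unrelated site
    serving a file called fre.php does not trip the rule.
    """
    p = urlsplit(url)
    return (
        'alert http $HOME_NET any -> $EXTERNAL_NET any '
        f'(msg:"LokiBot C2 POST to {p.hostname}"; flow:established,to_server; '
        'http.method; content:"POST"; '
        f'http.host; content:"{p.hostname}"; '
        f'http.uri; content:"{p.path}"; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


def rules_for_config(base_sid=9000001):
    """One local-range rule per C2 URL in the extracted config."""
    return [suricata_rule(u, base_sid + i) for i, u in enumerate(C2_URLS)]


# Constructed log lines. The User-Agent value is an assumption: the page only
# gives the signature name, not the string the signature matches.
SAMPLE_LOG = [
    '2022-05-21T09:41:02Z POST http://sempersim.su/gg1/fre.php 404 "Mozilla/4.08 (Charon; Inferno)"',
    '2022-05-21T09:41:05Z GET http://alphastand.top/alien/index.php 200 "Mozilla/5.0"',
    '2022-05-21T09:42:10Z GET http://example.com/ 200 "Mozilla/5.0 (Windows NT 6.1)"',
    '2022-05-21T09:43:00Z POST http://other.example/panel/fre.php 200 "Mozilla/4.08 (Charon; Inferno)"',
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOG):
        print(", ".join(hits), "<-", line)
    for rule in rules_for_config():
        print(rule)
```

The fourth sample line is the case worth noting: no known host, yet both the User-Agent tokens and a POST to `fre.php` match, which is exactly how the ET signatures catch a fresh domain that an IOC list of hosts would miss. The 404 on the first line is consistent with the "LokiBot Fake 404 Response" signature listed below, where the C2 answers with a 404 status while still acting as the panel.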
Targets
Target: f711d2623368f02a5857f7bc62e647800077b2abd9efe0b3040dcb0bac4a50c8.exe
Size: 310KB
MD5: 0c5c5af36d67e89a321bff54e6f6e431
SHA1: d894a2ab68371b6661468c6906648cd11f38ff32
SHA256: f711d2623368f02a5857f7bc62e647800077b2abd9efe0b3040dcb0bac4a50c8
SHA512: fcd788eb744423db5169362a11ca7a16408bb54fccb79ed375342e6715de92bb3dcfd4c93472f71ec9be14b9d97460f95a731f3a2865f0c51977644f6c7da9fd
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext