General
Target: 24225cdf9146985a318fa78678b2d0544a460fc02d7794ff3efed65c4217f139.exe
Size: 136KB
Sample: 220521-jl29waahc2
MD5: 4e59abfcc6537ad26941fa659093991f
SHA1: e81af7081b079a2cbaee809a6f46610f296d4bc3
SHA256: 24225cdf9146985a318fa78678b2d0544a460fc02d7794ff3efed65c4217f139
SHA512: 682ae2acf7a85f9b4886c799123a5c65d4c761d28a821102cae541508189653e63888014d070390ae413f2bde60ff37e55c168a17debb1c3a0ef5f15078f103d
Static task: static1
Behavioral task: behavioral1
Sample: 24225cdf9146985a318fa78678b2d0544a460fc02d7794ff3efed65c4217f139.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
- http://vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: 24225cdf9146985a318fa78678b2d0544a460fc02d7794ff3efed65c4217f139.exe
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext