General

Target: db33ad49ea94e38b3cda7b48cca06a29701052bbf784c9fff3d6300d7bf6fc81.exe
Size: 123KB
Sample: 220521-jl366seadn
MD5: a0033191a7a309317e1b4abc255a1b52
SHA1: 02273978ab8de3cd26dd07ad24c95d83c85f26ed
SHA256: db33ad49ea94e38b3cda7b48cca06a29701052bbf784c9fff3d6300d7bf6fc81
SHA512: 48e1498b41496ae88be8828af976780fc7325271d226448c7c5ccd8dd41a02574125ce15631d50ebb607b224fbe34f1b109bdab80b66d7d2b4389c226b0398f3
Static task: static1
Behavioral task: behavioral1
Sample: db33ad49ea94e38b3cda7b48cca06a29701052bbf784c9fff3d6300d7bf6fc81.exe
Resource: win7-20220414-en
Malware Config

Extracted: lokibot
C2 URLs (from the extracted config):
http://lokaxz.xyz/fc/bk/ss.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets

Target: db33ad49ea94e38b3cda7b48cca06a29701052bbf784c9fff3d6300d7bf6fc81.exe
Size: 123KB
MD5: a0033191a7a309317e1b4abc255a1b52
SHA1: 02273978ab8de3cd26dd07ad24c95d83c85f26ed
SHA256: db33ad49ea94e38b3cda7b48cca06a29701052bbf784c9fff3d6300d7bf6fc81
SHA512: 48e1498b41496ae88be8828af976780fc7325271d226448c7c5ccd8dd41a02574125ce15631d50ebb607b224fbe34f1b109bdab80b66d7d2b4389c226b0398f3
Signatures

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
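The C2 URLs from the extracted config and the Suricata hits above (the Charon/Inferno User-Agent and the fake 404 from the C2) are the network indicators a responder would sweep proxy logs for. The script below is an added example, not part of the sandbox report, that turns those indicators into a simple log matcher. The log format (source IP, method, URL, quoted User-Agent, status) and the log lines themselves are constructed for the example; the full User-Agent value "Mozilla/4.08 (Charon; Inferno)" is the well-known LokiBot string and is assumed here, since the report names only the Charon/Inferno tokens.

```python
"""Match web-proxy log lines against the LokiBot indicators from this report."""
import re
from urllib.parse import urlsplit

# C2 URLs copied from the extracted config in the report above.
C2_URLS = [
    "http://lokaxz.xyz/fc/bk/ss.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]


def _normalize(url):
    """Split a URL into (lower-cased host, path) for comparison."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"


C2_FULL = {_normalize(u) for u in C2_URLS}
C2_HOSTS = {host for host, _ in C2_FULL}
C2_PATHS = {path for _, path in C2_FULL}

# Constructed log format (assumption, not a real proxy format):
# <src ip> <method> <url> "<user-agent>" <status>
LINE_RE = re.compile(
    r'^(?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "(?P<ua>[^"]*)" (?P<status>\d{3})$'
)

# Constructed sample log lines for the example (not from the report).
# The Charon/Inferno User-Agent value is the known LokiBot string, assumed here.
SAMPLE_LOG = """\
10.0.0.5 POST http://lokaxz.xyz/fc/bk/ss.php "Mozilla/4.08 (Charon; Inferno)" 404
10.0.0.5 GET http://example.com/index.html "Mozilla/5.0 (Windows NT 6.1)" 200
10.0.0.7 POST http://alphastand.top/alien/fre.php "Mozilla/5.0 (Windows NT 6.1)" 404
10.0.0.8 GET http://alphastand.win/ "Mozilla/5.0 (Windows NT 6.1)" 200
10.0.0.9 GET http://cdn.example.net/alien/fre.php "curl/7.68.0" 200
"""


def match_line(line):
    """Return the indicator names hit by one log line (empty list if clean)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []  # unparseable line: skip rather than guess
    host, path = _normalize(m["url"])
    hits = []
    if (host, path) in C2_FULL:
        hits.append("c2-url")          # exact C2 URL from the config
    elif host in C2_HOSTS:
        hits.append("c2-host")         # C2 domain, different path
    elif path in C2_PATHS:
        hits.append("c2-path-only")    # weak: panel path on an unrelated host
    ua = m["ua"].lower()
    if "charon" in ua and "inferno" in ua:
        hits.append("lokibot-ua")      # ET "LokiBot User-Agent (Charon/Inferno)"
    if m["status"] == "404" and "c2-url" in hits:
        hits.append("fake-404")        # 404 answered by a known C2 URL
    return hits


def confidence(hits):
    """Collapse indicator hits into a triage confidence level."""
    if "c2-url" in hits or "lokibot-ua" in hits:
        return "high"
    if "c2-host" in hits:
        return "medium"
    return "low" if hits else "none"


def scan(log_text):
    """Return (src, url, hits, confidence) for every line with at least one hit."""
    findings = []
    for line in log_text.splitlines():
        hits = match_line(line)
        if hits:
            m = LINE_RE.match(line.strip())
            findings.append((m["src"], m["url"], hits, confidence(hits)))
    return findings


if __name__ == "__main__":
    for src, url, hits, level in scan(SAMPLE_LOG):
        print(f"{level:6} {src:10} {url} {','.join(hits)}")
```

A path-only match is deliberately reported as low confidence: the /alien/fre.php panel path is characteristic of LokiBot, but on a host absent from the config it is a lead to pivot on, not a verdict, whereas an exact URL or the Charon/Inferno User-Agent is enough on its own to open an incident.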