General
Target: 92496ca3cab558812f1f042cb8ccd6374ed9b75409bc8ec03bb81b93b1371c0c.exe
Size: 136KB
Sample: 220521-jl3kmsahd3
MD5: 7b7351bdf7eec81ce0dcb0c1cdd097b8
SHA1: 1339f6f177c514fef63a9caebe319e40430fddcd
SHA256: 92496ca3cab558812f1f042cb8ccd6374ed9b75409bc8ec03bb81b93b1371c0c
SHA512: 9b96a434e49df6a74ae6ec42f8a1cfdd10f60efbacbacf285462c15e29c11b83d4542e7c088022ffac7f3e78be011ed2bf9623615a4fa7e44ed52502750b2a98
Static task: static1
Behavioral task: behavioral1
Sample: 92496ca3cab558812f1f042cb8ccd6374ed9b75409bc8ec03bb81b93b1371c0c.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
- http://sempersim.su/gg7/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: 92496ca3cab558812f1f042cb8ccd6374ed9b75409bc8ec03bb81b93b1371c0c.exe
Size: 136KB
MD5: 7b7351bdf7eec81ce0dcb0c1cdd097b8
SHA1: 1339f6f177c514fef63a9caebe319e40430fddcd
SHA256: 92496ca3cab558812f1f042cb8ccd6374ed9b75409bc8ec03bb81b93b1371c0c
SHA512: 9b96a434e49df6a74ae6ec42f8a1cfdd10f60efbacbacf285462c15e29c11b83d4542e7c088022ffac7f3e78be011ed2bf9623615a4fa7e44ed52502750b2a98
Signatures
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext