General
-
Target
tmp
-
Size
876KB
-
Sample
220521-jrcleabbb4
-
MD5
7172f955f38508eac9bc65f647ed627d
-
SHA1
3533afbac7e63993653c81a899a08cdb499ba244
-
SHA256
ab083463bed04a6a3f8848967a59917e86ea70db776a1b5b3e9a7ca8638ae0a7
-
SHA512
be51c5c886d6d6df71f1b8bf8a348d330b89a1c5e78d89bfb64037365ddedc2fff310ff8867208d8f81b6e87678c1034a7bc4d0604215707f60e75d36e214c0f
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220414-en
Malware Config
Extracted
lokibot
http://sempersim.su/gf18/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
tmp
-
Size
876KB
-
MD5
7172f955f38508eac9bc65f647ed627d
-
SHA1
3533afbac7e63993653c81a899a08cdb499ba244
-
SHA256
ab083463bed04a6a3f8848967a59917e86ea70db776a1b5b3e9a7ca8638ae0a7
-
SHA512
be51c5c886d6d6df71f1b8bf8a348d330b89a1c5e78d89bfb64037365ddedc2fff310ff8867208d8f81b6e87678c1034a7bc4d0604215707f60e75d36e214c0f
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-