General

Target: 736727fcebc11c8251e11465c2547ab7fddf8a8af79bf4c3239155936efd9e2f
Size: 693KB
Sample: 220521-m8dftadcb8
MD5: 7ece1defd489c7d944c7d5cf5a80fbe5
SHA1: 374a0369655e65ab814d58c059b2aaf0f060359d
SHA256: 736727fcebc11c8251e11465c2547ab7fddf8a8af79bf4c3239155936efd9e2f
SHA512: 0a76757f3906b59e33c6119179b6655a750443d2f270bb25a07df53271bcf36d7abda67d94331f5a81ee22e84d027a89d1a9ecbda212cb81ed62ae5dbff0f07a
Static task: static1
Behavioral task: behavioral1
Sample: payment-doc-pdf.exe
Resource: win7-20220414-en
Malware Config

Extracted: lokibot
http://oneflextiank.com/coco/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets

Target: payment-doc-pdf.exe
Size: 1.1MB
MD5: c11a978107b9c9eb837c007c0b755193
SHA1: 6106eac313784563e07209c9584bc8839bfa0d37
SHA256: fba38412cc65baf89d6e5145f226c26e20128f5404cdbbe82f094007796e7c65
SHA512: 5978163eceb1f51e5204b093921858e04a5d12b82bd60100c5ddfe328f5286a8fe8082a1e7c8619064b1e5a35b7af070ceab68c212f89508e380d128a56a6d27

Signatures:
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext