General
- Target: d72302d2da4c00d4e1bde3e6189c873744c8208deabfa5c7979f52b25611bd3b
- Size: 184KB
- Sample: 220521-psa2vsfhe9
- MD5: 21563e8dfa2e0c181fe8008ea1171390
- SHA1: 00ff54059253bca5883fd9df8b7069c36ece4d0a
- SHA256: d72302d2da4c00d4e1bde3e6189c873744c8208deabfa5c7979f52b25611bd3b
- SHA512: 5192ed9c3f470d21180ddd89239b78de21da67175b2c10324fb122c315ac731e526afc854510a6e6d773e09a3d6955dc1fb516dd1c845620afb6f9a1a42217c4
Static task: static1
Behavioral task: behavioral1
Sample: ORDER.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
- http://siiigroup.com/blue/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: ORDER.exe
- Size: 238KB
- MD5: 671b27a27e1600b1fd60ac5d3d8d7c2a
- SHA1: 27960035610e4b377952354658f1ea569272a907
- SHA256: 8f1241270e8d6833a48656b7f5507d58f974fe0fb9ae323d13725e30b0841c59
- SHA512: e0c5be3f468e3cb9b7a06dd20898acc43b198458e584ebc337208406928f22b3cb91aad7c5c86d1075a02adfe943a02dafab3646e71132383e2872980adef0b5
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext