General
Target: 5caa7440437fbc72abf60075e5d5fc360c567dcf681f9ec02fb145900011938f
Size: 300KB
Sample: 220521-pw4tcagba9
MD5: 2652449495cc9805161ce35befc3a156
SHA1: c528417fcda87a9251c8e99524195d2a4c426110
SHA256: 5caa7440437fbc72abf60075e5d5fc360c567dcf681f9ec02fb145900011938f
SHA512: 9514c95f1c1a5071b513ab68dd0a022735398dc09358786df0cb4bcff9761cf8bf920f0b5d22ca82370cb4398a6bb971949d001feec519b04bd85dbeab9e5da4
Static task: static1
Behavioral task: behavioral1
Sample: 1200 line New Cairo Project - Pumps - RFQ - In hand- Urgent.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
  http://dorobantul.ro/b4pf/five/fre.php
  http://kbfvzoboss.bid/alien/fre.php
  http://alphastand.trade/alien/fre.php
  http://alphastand.win/alien/fre.php
  http://alphastand.top/alien/fre.php
Targets
Target: 1200 line New Cairo Project - Pumps - RFQ - In hand- Urgent.exe
Size: 548KB
MD5: ed26fcbe647e0b93af295e7980459d46
SHA1: fe05347b129b796d77de2fa5c93f062f2f1a341a
SHA256: 44e32cacf45f4d123ecdee7dcde7f7b3280834aeb576d58fdd0bf78c8028db4c
SHA512: e9940558800c6b90b924816fb77bb15465bc4eb7d1b88200a1bd744a459fe87fe70574cc9f6fbbf33c9f4c45d09aaba99edca0d94fc7caebbc4cdbb8de9fec08
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext