General
- Target: 62d95203521d0e0de13d4b70689b9ad5152eb31af21dcdc773a79be962664f5a
- Size: 233KB
- Sample: 220521-pwybkagah6
- MD5: 038ffea38159f39316e08761683fbf86
- SHA1: e09796baeb1c164ed6b55f8c9872623e3467fcae
- SHA256: 62d95203521d0e0de13d4b70689b9ad5152eb31af21dcdc773a79be962664f5a
- SHA512: 50a93321140550c85128be3b99b154b2fa848e819b0f9eac09a2b36ba2778f673f8cf92d57c3da9f8dc56d50a9464f1325b67d3e9eec1145ddd4aef81b92b8c2
Static task: static1
Behavioral task: behavioral1
- Sample: Εντολή αγοράς 87985614 με ημερομηνία 06222020.exe
- Resource: win7-20220414-en

Malware Config
Extracted family: lokibot
C2 URLs:
- http://clemglobal.com/server/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: Εντολή αγοράς 87985614 με ημερομηνία 06222020.exe
- Size: 598KB
- MD5: f92ececb3b909c2158eaa33b2bbc0be0
- SHA1: 42abf8fcfcfc88960063dca12b91fb95896a1cf9
- SHA256: 033bf801cc1629f11843d56abc90a50768946cc207e0bdfb6d268ec073bf2a78
- SHA512: b150fdd247e16b82cf06b3bc3f398be443a8e4a69699cec18055551b76fd00bf2432142eb34fa01db8e33ffee970b2e98f808be83ee953b270836c987c2af19b
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext