General
Target: 231a2f45a4219ebaf9491e1098bc12c7284e13dd22ed823aa670e7ec08a8c199
Size: 168KB
Sample: 220521-pykhgsgbg5
MD5: 8b05baaf849362adc0e5955b6d7883a4
SHA1: d63fa67839081d60856cd48847ea4264724b8dda
SHA256: 231a2f45a4219ebaf9491e1098bc12c7284e13dd22ed823aa670e7ec08a8c199
SHA512: 5b57bd8a0739d4ef8f6134d58166e348c57e57dc278af7d2ddce22dd75643ba020f280a6550d1fe60979f1193fd828edd9b91b9fc785d405ea16156d358b0a1f
Static task: static1
Behavioral task: behavioral1
Sample: QUOTE2020 pdf.exe
Resource: win7-20220414-en
Malware Config
Extracted
lokibot
http://kovachevpress.com/docsx/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: QUOTE2020 pdf.exe
Size: 368KB
MD5: 83005f40d807395b48b6db94468d2724
SHA1: 4716bc507a056937815fc864a1a3ffd16fe3a9af
SHA256: 2c07db0899ca0694f0968ccbc4ce68b60356a8f832f9bc3875529fc0e35c8778
SHA512: e22410f5591c96c72b7b935599b7adeade9652ac71a0d0d1f2e1627504f9112aecc59d0c855b94aec71442247cdc18cbddb58b0c19c74cf0335aa57a1edf548d
Note: these hashes belong to the 368KB executable that was actually run in the behavioral task, not to the 168KB submission listed under General; use the SHA256 above when hunting for the payload itself.
Signatures
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
(Calling SetThreadContext on another process's thread is the step process hollowing uses to point a suspended process at injected code; together with the Outlook profile access and the exfiltration rules above, the behaviour is consistent with a credential-stealing LokiBot payload.)
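The extracted C2 URLs and the Charon/Inferno User-Agent rule above are the two network indicators a defender can act on immediately. The following Python is an added example, not part of the sandbox report and not a Suricata rule: it scans constructed proxy log lines (not taken from the report) for the five C2 hosts from the extracted config, for HTTP POSTs to a fre.php path, and for a User-Agent mentioning both Charon and Inferno. The log line format, the field names, and the exact User-Agent string "Mozilla/4.08 (Charon; Inferno)" used in the sample lines are assumptions; the report itself only names the rule.

```python
"""Match HTTP proxy log entries against the LokiBot IOCs from the report above.

Added example for this page; not the sandbox's or Suricata's own code.
"""
import re
from urllib.parse import urlparse

# C2 URLs copied verbatim from the "Malware Config" section of the report.
C2_URLS = [
    "http://kovachevpress.com/docsx/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
C2_HOSTS = {urlparse(u).hostname.lower() for u in C2_URLS}

# The Suricata rule name only says "Charon/Inferno"; matching both words in
# either order in the User-Agent header is our assumption about the pattern.
UA_RE = re.compile(r"Charon.*Inferno|Inferno.*Charon", re.IGNORECASE)


def classify(entry):
    """Return the list of IOC reasons an HTTP log entry matches (empty if none)."""
    reasons = []
    parsed = urlparse(entry["url"])
    host = (parsed.hostname or "").lower()
    if host in C2_HOSTS:
        reasons.append("c2-host")
    # Weaker indicator: LokiBot panels in this config all live at .../fre.php
    # and the client POSTs to them; a hit here alone needs human review.
    if entry["method"].upper() == "POST" and parsed.path.endswith("/fre.php"):
        reasons.append("fre.php-post")
    if UA_RE.search(entry.get("user_agent", "")):
        reasons.append("charon-inferno-ua")
    return reasons


def parse_line(line):
    """Parse an assumed 'src method url user-agent' proxy log line."""
    src, method, url, ua = line.split(" ", 3)
    return {"src": src, "method": method, "url": url, "user_agent": ua}


def scan(log_text):
    """Return (src, url, reasons) for every line that matches at least one IOC."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        reasons = classify(entry)
        if reasons:
            hits.append((entry["src"], entry["url"], reasons))
    return hits


# Constructed sample log lines (not from the report). The User-Agent string on
# the first and third lines is an assumption about what the rule matches.
SAMPLE_LOG = """\
10.0.0.5 POST http://kovachevpress.com/docsx/five/fre.php Mozilla/4.08 (Charon; Inferno)
10.0.0.5 GET http://www.example.com/index.html Mozilla/5.0 (Windows NT 6.1)
10.0.0.9 POST http://alphastand.top/alien/fre.php Mozilla/4.08 (Charon; Inferno)
10.0.0.7 POST http://benign.example.net/alien/fre.php Mozilla/5.0
"""

if __name__ == "__main__":
    for src, url, reasons in scan(SAMPLE_LOG):
        print(f"{src} {url} {','.join(reasons)}")
```

A hit on "c2-host" or "charon-inferno-ua" is high confidence because both come straight from the report; the "fre.php-post" reason on its own (the last constructed line) is only a hunting lead, since the path is generic. Swap the C2 list for the hosts in your own extracted config when reusing this against a different sample.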