General
Target: 1758e9ced2eebb301b312af2748613cd8be891103a2b722eb6a52e17dfbd1a32
Size: 786KB
Sample: 220521-pyt2xsbdhk
MD5: 7320c5d437145ad84f12cfe5c0c1ec2f
SHA1: 1a99ffc3c6de885be178b66e7137a1865e574164
SHA256: 1758e9ced2eebb301b312af2748613cd8be891103a2b722eb6a52e17dfbd1a32
SHA512: c5bd377e610a2e2c6b93f7d9b3cc2d636986f4e6098ea20f6fd10dbb08e090559cd27ce25257a6b6daabdd6e0456ec7661cd6a228c31e8c9ea4fe882d17d1a83
Static task: static1
Behavioral task: behavioral1
Sample: 2arhsLRMyaVml7q.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
http://niskioglasi.rs/test1/Panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 2arhsLRMyaVml7q.exe
Size: 1.0MB
MD5: 17c5c0a296cae759555eda7c492a49a8
SHA1: 25f31e7ba4c4293c1c340906b4bf9730798e0b2f
SHA256: de660c0038b994e1aef2aaacc59131ea98f312376be5820893ff081396239042
SHA512: 99cb7fead966f09da3f8836998c428a5fd6489e71c3abe82466cfbe285813c10d9a306e2348f72b4d475a54d3f3751f860b6ce4d5ff36e025971c24af39cf22a
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext