General
Target: 15d6c3bd79d56a29641b44ed97e24eb1e4c37e1e87fae538f8d96d7f441decbe
Size: 196KB
Sample: 220521-pyxstagca5
MD5: cd8505590911a7deed73778c55e51472
SHA1: 27de12c1679b502fdc8e2350f80d51b6e1ea54bd
SHA256: 15d6c3bd79d56a29641b44ed97e24eb1e4c37e1e87fae538f8d96d7f441decbe
SHA512: 1a371e5d217ab2c50f6f2c704e779283d2241b2209c7e257c662c383cdefdaec606ca520a6634311e37df855e472f9ea9c8e5917478ace6747ab3611699e8519
Static task: static1
Behavioral task: behavioral1
Sample: profile and quotation.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
C2 URLs:
http://game-engine.ir/videos/ebuxx/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: profile and quotation.exe
Size: 286KB
MD5: de89f2b140186925dc95b9b6a62269a6
SHA1: fca0995013132849a244eb822383f4da4a968823
SHA256: 427d134a34bbb2f146215f060750209416f5e30cbe50b3b236ee09dedd445baf
SHA512: fd9bb927498d9cc0b0256426af0241654db39b1bc08a9d7a8788cd2ec20a58da210436f89599d93043e35ccaeee6c13c6a2edf397057c8910211d5958a2808cd
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext