General
Target: a9884b3c353d97349092b79f407a2311155dad2571f5006325c318b5e4cddc58
Size: 669KB
Sample: 220521-sp7s7shhc4
MD5: c1076707e92d89285c9535e502bdc0ff
SHA1: 947b4636d09acb44e83dfe309c8f6de85201a5c4
SHA256: a9884b3c353d97349092b79f407a2311155dad2571f5006325c318b5e4cddc58
SHA512: 495756acb90129a113e9de67b4efad4e12d4485535865fa5d38e1e294a0bdceee60cdd9da3ab0adb2065c5450721bb84285703f202f64d07786bb9e294347ca0
Static task: static1
Malware Config
Extracted: lokibot
C2 URLs:
http://85.202.169.172/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
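As an added example (not part of the sandbox report), the Python below turns the extracted configuration into a small detector for web-proxy logs: it flags requests to the listed C2 URLs, requests to the same hosts on any path, the "Mozilla/4.08 (Charon; Inferno)" User-Agent that the ET "LokiBot User-Agent (Charon/Inferno)" rule is named after, and the panel's habit of answering a check-in POST with a 404 (the "Fake 404 Response" rule). The log line format and the sample traffic are constructed for the example and are not from the sandbox run.

```python
"""Match web-proxy log lines against the LokiBot C2 indicators extracted above."""
import re
from urllib.parse import urlsplit

# C2 URLs as extracted from the sample's configuration in the report.
LOKIBOT_C2_URLS = frozenset([
    "http://85.202.169.172/kelly/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
])

# Hosts derived from the URL list: a hit on the host alone (different path)
# still deserves triage, since panel paths change more often than hosts.
LOKIBOT_C2_HOSTS = frozenset(urlsplit(u).hostname for u in LOKIBOT_C2_URLS)

# The User-Agent LokiBot sends on its check-in POSTs; the ET rule
# "LokiBot User-Agent (Charon/Inferno)" listed in this report keys on it.
LOKIBOT_USER_AGENT = "Mozilla/4.08 (Charon; Inferno)"

# Assumed (constructed) proxy log format, not a real product's format:
#   <timestamp> <client-ip> <method> <url> <status> "<user-agent>"
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def classify(line):
    """Return the indicator names that fire on a single log line (empty if none)."""
    m = LOG_LINE.match(line)
    if not m:
        return []
    hits = []
    url = m.group("url")
    if url in LOKIBOT_C2_URLS:
        hits.append("c2_url")
    elif urlsplit(url).hostname in LOKIBOT_C2_HOSTS:
        hits.append("c2_host")
    if m.group("ua") == LOKIBOT_USER_AGENT:
        hits.append("lokibot_ua")
    # A LokiBot panel answers a successful check-in with an HTTP 404 that still
    # carries a body (the "Fake 404 Response" rule), so a 404 on a POST to a
    # known panel is corroboration, not a failed request.
    c2_hit = any(h.startswith("c2_") for h in hits)
    if c2_hit and m.group("method") == "POST" and m.group("status") == "404":
        hits.append("fake_404")
    return hits


def scan(log_text):
    """Scan a whole log; return (client-ip, url, hits) for every line that fires."""
    findings = []
    for line in log_text.splitlines():
        hits = classify(line)
        if hits:
            m = LOG_LINE.match(line)
            findings.append((m.group("src"), m.group("url"), hits))
    return findings


# Constructed sample traffic: benign lines mixed with the kind of check-in
# this sample would generate. Not taken from the sandbox run.
SAMPLE_LOG = """\
2022-05-21T10:00:01Z 10.0.0.5 GET http://example.org/index.html 200 "Mozilla/5.0"
2022-05-21T10:00:07Z 10.0.0.5 POST http://kbfvzoboss.bid/alien/fre.php 404 "Mozilla/4.08 (Charon; Inferno)"
2022-05-21T10:00:09Z 10.0.0.9 GET http://alphastand.top/images/logo.png 200 "Mozilla/5.0"
2022-05-21T10:00:12Z 10.0.0.5 POST http://85.202.169.172/kelly/five/fre.php 404 "Mozilla/4.08 (Charon; Inferno)"
2022-05-21T10:00:15Z 10.0.0.7 GET http://example.org/missing 404 "Mozilla/5.0"
"""

if __name__ == "__main__":
    for src, url, hits in scan(SAMPLE_LOG):
        print(f"{src} -> {url}: {', '.join(hits)}")
```

The host-level match is deliberately weaker than the URL match: it catches a panel moved to a new path on the same domain, but a hit on it alone (line three above) is a lead to triage rather than a confirmed infection, whereas a POST to a listed URL with the Charon/Inferno User-Agent and a 404 reply is the full check-in pattern the Suricata rules in this report describe.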
Targets
Target: a9884b3c353d97349092b79f407a2311155dad2571f5006325c318b5e4cddc58
Size: 669KB
Signatures
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext