General
-
Target
53d7809ebacd725795ff826bd5ad70965032a153152a3d2cc9f300b7598dfca7
-
Size
813KB
-
Sample
220521-w82yvabbh5
-
MD5
8e702676ba0ec16b198d71bb4d9bd1d4
-
SHA1
c54f891e0a03ed08c78c0c5409d21a97de74eb8b
-
SHA256
53d7809ebacd725795ff826bd5ad70965032a153152a3d2cc9f300b7598dfca7
-
SHA512
1c7e0265d7630c5593738e072742474d2835d4e4ae8add0896673f62305de2f89a8ba77e115294b2a94c412e8593aa339d2cd47138a5e3d51ead4ea5bd1d2b9e
Static task
static1
Behavioral task
behavioral1
Sample
60%TT SWIFTCOPY_PDF.exe
Resource
win7-20220414-en
Malware Config
Extracted
lokibot
http://oneflextiank.com/cola/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
60%TT SWIFTCOPY_PDF.exe
-
Size
1.2MB
-
MD5
75d6b5bd75b7f70181281e2824fd877d
-
SHA1
c2ed68d06b27ab35b1029ad0f7da17d7dec1c625
-
SHA256
0adecb6f10ce532902f8c9fcd67682beb29f07cb3a6c791443cbb4991ded905b
-
SHA512
97a40fd18c20143816b4febd551693441e4f051fee650d3cb3338c113f007a2353d06f43ca3bd46592408dcc1075a38e0e3172c75526162e9572fbe85712381c
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-