General
- Target: cf85acb9f6732b72874395e9362600e2fe129e6988faea6ddd7a8f957161fbf4
- Size: 813KB
- Sample: 220521-w84gnseeaj
- MD5: ca80218725bf221e37f70f9c6c5f6ca4
- SHA1: 82c443061867dfe96df7afda6b15f7a62a61d225
- SHA256: cf85acb9f6732b72874395e9362600e2fe129e6988faea6ddd7a8f957161fbf4
- SHA512: 5fa781fd57c9b273979bcabd39db844293578f0a412397ade5e17c50fdc9a1c7a0481cc4344aa817ad1bf7b180640ae1319dd008937831c5f2ea50248eff5433
Static task: static1
Behavioral task: behavioral1
- Sample: payment copy_pdf.exe
- Resource: win7-20220414-en
Malware Config
Extracted: lokibot
http://lapphoungshoes.com/dope/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
- Target: payment copy_pdf.exe
- Size: 1.2MB
- MD5: 5dfa96941d8503287771d954e25c343f
- SHA1: dbef0eedd0e660152f1e4bfe2ecda82393401b7c
- SHA256: 4bc494204a6950d07cdbc7181b7b9588d037d7118e31fb41f0156c2b44423e34
- SHA512: 9cb5fdea7856cebb2ed0d89aef330fe19a9e5f3f5810e7fb40b92c2bcb7f4a492e41f5b13bc9748fdf1b25d55d7dc8641c6ae18421ef44684adddd03f1f86011
Signatures
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext