General
Target: 7d797a92da7d926481b30b6a7f215c6a2efec9c209a0096e42f6ec66d2ba566c
Size: 1.0MB
Sample: 220521-w86l2abca2
MD5: 8d7bd7325dfc6e87367e4426e5782e03
SHA1: bb4fe8b57cb154ef34747d9755306c828c0bc943
SHA256: 7d797a92da7d926481b30b6a7f215c6a2efec9c209a0096e42f6ec66d2ba566c
SHA512: d6306d89774ffc53e6950995034721afa04e95671295eb8cb9fe6ab9499e7f4ad229114119847f5f72101397ffb907a72d58192126ef2c66a6c26edf283933d8
Static task: static1
Behavioral task: behavioral1
Sample: Payment Notification_pdf.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
http://oneflextiank.com/cola/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Payment Notification_pdf.exe
Size: 1.5MB
MD5: 9ffd557ac6d2f24ef7896ad19bf54b8b
SHA1: eddd424270208cc05af78285397657d3c54b32b2
SHA256: 50b314825821a231dd4a13782bd1c927a590e30d186fe1ed28fd26940a9ee5e0
SHA512: 1a3355b6a9bb1eec538bab719d743ebf205d67b6eff93a292e80e699c6acaa176f995d19e46cc84fd9e65640942d0d1099e1b98f1e04312b7e2d53d99239686e
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext