General
- Target: 8234b12e2d69c60d214dc4e9d4388860861034642c8dded1cd4bf6b52e762fc8
- Size: 775KB
- Sample: 220521-w8pzaaedgp
- MD5: 002370211b58eedb0f533a50ad39d566
- SHA1: ca3581b3594cdf777ce140733c0a6928a04c9ad3
- SHA256: 8234b12e2d69c60d214dc4e9d4388860861034642c8dded1cd4bf6b52e762fc8
- SHA512: 1e0bf02a7a55620e4125f494b091e884269c1a9aa3c3785bf96f408223183dd73e005d05ab98deeb7b1186b17da9eaf1c890caa0786b2e596d498caae23324e2
Static task: static1
Behavioral task: behavioral1
Sample: 7775_PDF.exe
Resource: win7-20220414-en
Malware Config
Extracted
lokibot
http://oneflextiank.com/coco/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
- Target: 7775_PDF.exe
- Size: 1.2MB
- MD5: 48e12514b0ad66878eec48444c937dcc
- SHA1: 8e851d844de29dae67ae5cd7bd5db234bb6c5df5
- SHA256: acd12da4b4032af20f766c6a2e26b837bcfd543fd01031fb0a9e4812ef66d103
- SHA512: 4274cba0de060d9b8caa686082ead34bcd97f728c9f950dff3546818a14eb5776b98f96c591a611827527275f5454c7827222510be42c9da124f1f361df884c9
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext