General
- Target: fd41408ce6324cdd9c83dddc2d3ae6082a78c832225e71fa00a9f858973a99ca
- Size: 813KB
- Sample: 220521-w8xzwsbbg7
- MD5: 0935e80936f684e54bee5d15ff6b3b19
- SHA1: 3c4f80c04c4007ccd412a83ee7abdb7f76ca81c3
- SHA256: fd41408ce6324cdd9c83dddc2d3ae6082a78c832225e71fa00a9f858973a99ca
- SHA512: 1067d6190d1d8be1c3f925118d464688ab7ce30dc7f46293e22d0354ff250f797b2a235a7af387525bbbd3f751c52d676594bdcd01cefb8d6efdf06552049aa1
Static task: static1
Behavioral task: behavioral1
- Sample: KYOCERA_892958476_05_2020.exe
- Resource: win7-20220414-en
Malware Config
Extracted: lokibot
- http://lapphoungshoes.com/dino/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: KYOCERA_892958476_05_2020.exe
- Size: 1.2MB
- MD5: 983b3f2a326aa8a8c1502bdebb6211bb
- SHA1: 593928ba1bae091330a4473675917414b98798c3
- SHA256: e0e899627677a5191b45c3da7da2f9c83e5840e45b70142816ccc7c18d5b4ada
- SHA512: 1fbe90a48c8256e908009b32a02fbc81783c45adaae5451adc4b8f20f1f75a92209a7b90cd870868cf067467be1db52e1f0c5a369ddc2cb4ed0d106cdb37fbbf
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext