General
Target: c9699446a6c1d02ed56cb9778e696854815659242bd3a55010736b23b04ab138
Size: 813KB
Sample: 220521-w8ylesbbg8
MD5: c1332c2ff2f9eb871570f5c031d8d217
SHA1: 9e868ba85e3d0adf1a50f05955c16fed24834ca9
SHA256: c9699446a6c1d02ed56cb9778e696854815659242bd3a55010736b23b04ab138
SHA512: 81c53bc151baa8bcff803e458d7374afcad2c0c807c906a7e909c17aa27f9fee834d9964c64c4750aa81c04c3d8c3947d8b6887f409eb0b833124fd13f91d0e4
Static task: static1
Behavioral task: behavioral1
Sample: S8872_PDF.exe
Resource: win7-20220414-en
Malware Config
Extracted family: lokibot
C2 URLs:
http://oneflextiank.com/cream/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: S8872_PDF.exe
Size: 1.2MB
MD5: d76cb6054119c4a62dd9edd2239645d2
SHA1: 90fc7d4e5e82f7fefe505ca0c037c59ac73d8ded
SHA256: 27534ee3bfdbfc3b5bfb4b61237354d3d529822b0b64789528c1a8c2ae455318
SHA512: db0fede878be7a6d0e2a739fd60957f0ca514ed400835c06e39622c13cfd4c62b7cbc25f7c31bca339adf32eb88d515af55db3bc23d2cadc1b0003db8dfdb211
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
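The extracted C2 URLs and the Charon/Inferno User-Agent signature above can be turned into a quick triage check over HTTP logs. The following Python is an added example and not part of the sandbox report: it indexes the five extracted URLs by host and path, flags requests that hit a listed endpoint (or a listed host on some other path), and flags User-Agent strings carrying both tokens the Suricata rule is named for. The exact LokiBot User-Agent string is not reproduced in the report, so matching on the two tokens is this example's assumption; the log records are constructed for illustration in a simplified JSON-lines shape (fields src_ip, method, host, uri, user_agent), not Suricata EVE output.

```python
import json
from urllib.parse import urlsplit

# C2 URLs as extracted from the lokibot config in the report above.
C2_URLS = [
    "http://oneflextiank.com/cream/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Index the config as (host, path) pairs and as bare hosts, so that a
# request to a different path on a known C2 host is still surfaced.
C2_ENDPOINTS = {(urlsplit(u).hostname, urlsplit(u).path) for u in C2_URLS}
C2_HOSTS = {host for host, _ in C2_ENDPOINTS}


def classify(event):
    """Return the list of IOC hits for one HTTP event ([] when clean).

    `event` is a dict with the simplified fields host, uri, user_agent.
    """
    reasons = []
    host = (event.get("host") or "").lower().split(":")[0]  # drop any :port
    path = (event.get("uri") or "").split("?", 1)[0]         # ignore query string
    ua = (event.get("user_agent") or "").lower()

    if (host, path) in C2_ENDPOINTS:
        reasons.append("c2_endpoint")
    elif host in C2_HOSTS:
        reasons.append("c2_host")
    # The Suricata rule is named for the Charon/Inferno tokens; matching on
    # both tokens rather than an exact string is an assumption of this example.
    if "charon" in ua and "inferno" in ua:
        reasons.append("lokibot_user_agent")
    return reasons


def scan(lines):
    """Parse JSON-lines HTTP records; return hits as (src_ip, host, uri, reasons)."""
    hits = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the whole scan
        reasons = classify(event)
        if reasons:
            hits.append((event.get("src_ip"), event.get("host"), event.get("uri"), reasons))
    return hits


# Constructed sample records (not taken from the report); fields are simplified.
SAMPLE_LOG = """
{"src_ip": "10.0.0.5", "method": "POST", "host": "oneflextiank.com", "uri": "/cream/five/fre.php", "user_agent": "Mozilla/4.08 (Charon; Inferno)"}
{"src_ip": "10.0.0.5", "method": "GET", "host": "ALPHASTAND.TOP:80", "uri": "/alien/other.php?x=1", "user_agent": "Mozilla/5.0"}
{"src_ip": "10.0.0.7", "method": "GET", "host": "example.com", "uri": "/index.html", "user_agent": "Mozilla/5.0"}
{"src_ip": "10.0.0.9", "method": "POST", "host": "cdn.example.net", "uri": "/upload", "user_agent": "Mozilla/4.08 (Charon; Inferno)"}
not json at all
"""

if __name__ == "__main__":
    for src, host, uri, reasons in scan(SAMPLE_LOG.splitlines()):
        print(f"{src} -> {host}{uri}: {', '.join(reasons)}")
```

Running the file prints one line per hit. A c2_host hit without a c2_endpoint hit means traffic to a listed domain on a path other than the extracted gate, which still deserves a look; a lokibot_user_agent hit against an unlisted host is how you would spot a sample whose config differs from this one.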