General
-
Target
be7970e887e25ba0fb3d7c0786b3af50a4066ec0b7a01f4b5110aeaf7ac9620e
-
Size
1.9MB
-
Sample
220521-w95q5aeefk
-
MD5
18fb6a614288a4408b20e15c7f92b9b9
-
SHA1
ca022f1388dc01b5aae9a3323c994c39fc7a3aa6
-
SHA256
be7970e887e25ba0fb3d7c0786b3af50a4066ec0b7a01f4b5110aeaf7ac9620e
-
SHA512
1382eb8c7792156f90c3f48f4fa216b19390983e18cb911b86d8b921347e369980526344ba2582d8f368adb3ca4f0fe0f6efca155fb13b966309b3e91ce17a12
Static task
static1
Behavioral task
behavioral1
Sample
be7970e887e25ba0fb3d7c0786b3af50a4066ec0b7a01f4b5110aeaf7ac9620e.exe
Resource
win7-20220414-en
Malware Config
Extracted
lokibot
http://kaveriyarns.com/test/five/fre
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
be7970e887e25ba0fb3d7c0786b3af50a4066ec0b7a01f4b5110aeaf7ac9620e
-
Size
1.9MB
-
MD5
18fb6a614288a4408b20e15c7f92b9b9
-
SHA1
ca022f1388dc01b5aae9a3323c994c39fc7a3aa6
-
SHA256
be7970e887e25ba0fb3d7c0786b3af50a4066ec0b7a01f4b5110aeaf7ac9620e
-
SHA512
1382eb8c7792156f90c3f48f4fa216b19390983e18cb911b86d8b921347e369980526344ba2582d8f368adb3ca4f0fe0f6efca155fb13b966309b3e91ce17a12
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-