General
Target: f7e5ae240238b44fec7b6d7f6e08200581d5de953f9f95dbdbad520ed6b35873
Size: 219KB
Sample: 220521-w991vabce8
MD5: e2e66645d4b8046b73d6e12998c28728
SHA1: 95a4cb676d97db4296fb31254ad7aab117e403bd
SHA256: f7e5ae240238b44fec7b6d7f6e08200581d5de953f9f95dbdbad520ed6b35873
SHA512: 673a2da1f899008b87d5ce86d1504a12d8d63c7b483e16da2f8c92d515a332bd4acff7d8da3f38db77bf74a25543d72f8e7a69aa24950dd18e95ca132dc38c90
Static task: static1
Behavioral task: behavioral1
Sample: swift_copy-091719-PDF.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
http://kaveriyarns.com/test/five/fre
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: swift_copy-091719-PDF.exe
Size: 1.9MB
MD5: 18fb6a614288a4408b20e15c7f92b9b9
SHA1: ca022f1388dc01b5aae9a3323c994c39fc7a3aa6
SHA256: be7970e887e25ba0fb3d7c0786b3af50a4066ec0b7a01f4b5110aeaf7ac9620e
SHA512: 1382eb8c7792156f90c3f48f4fa216b19390983e18cb911b86d8b921347e369980526344ba2582d8f368adb3ca4f0fe0f6efca155fb13b966309b3e91ce17a12
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext