General
-
Target
fd5192b610be989cb52672c465a7eda401056546429f8cd671011ce48762ce3a
-
Size
686KB
-
Sample
220521-xzhz2sgacl
-
MD5
18646a3e12769be2b7e42cd7c6ca7c91
-
SHA1
a53a65a97baa09c14299d9f494b2c9604879be19
-
SHA256
fd5192b610be989cb52672c465a7eda401056546429f8cd671011ce48762ce3a
-
SHA512
189511ea4dac5e0729ab6fc0d78c1f1c867682513b6e34d81bd1da638dcfd789948173fc02940eb22a76d4d6835171914184fc17c30c3165d8cdd5016a7cfafc
Static task
static1
Behavioral task
behavioral1
Sample
HSBC Beneficiary Payment Advice_PDF.exe
Resource
win7-20220414-en
Malware Config
Extracted
lokibot
http://rnarport.com/dino/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
HSBC Beneficiary Payment Advice_PDF.exe
-
Size
1.1MB
-
MD5
b263766734bce939291e23e8c0951513
-
SHA1
205cac9b1f22bcc10cb156ced28ccd0adc01f025
-
SHA256
84c9cac8f78ed172c006be7798ee6d1be614306b6a7b956ac68d2f74c4fa0e71
-
SHA512
87fb8a715ad78ff0d4d24b34ecac27f4febfd2ac20a305cca9edfc7c6bb82a8608d62911627623456f4b86f990f241c3ee1c0dcf46f716e773c0b8b88fdb13e9
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-