General
Target: 6cb808501ba2fa8738fe3899dd8114e2402f6b18b363c055601d417ad7693be5.exe
Size: 122KB
Sample: 220521-yhw11sgben
MD5: d85f82b6c267725dbef70ba110f5b972
SHA1: 00724c2ed905189cd2b142ee196232b5dbadcdea
SHA256: 6cb808501ba2fa8738fe3899dd8114e2402f6b18b363c055601d417ad7693be5
SHA512: a9a896237a87bfcfdab0be6d445d730647afa51c48b29826d5dcec27ada75a9325300fd6cd4af673f856cca173285def4aa9f6973e0bca34c3dd4751ee4e9e79
Static task: static1
Behavioral task: behavioral1
Sample: 6cb808501ba2fa8738fe3899dd8114e2402f6b18b363c055601d417ad7693be5.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
http://hyatqfuh9olahvxf.gq/BN3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 6cb808501ba2fa8738fe3899dd8114e2402f6b18b363c055601d417ad7693be5.exe
Size: 122KB
MD5: d85f82b6c267725dbef70ba110f5b972
SHA1: 00724c2ed905189cd2b142ee196232b5dbadcdea
SHA256: 6cb808501ba2fa8738fe3899dd8114e2402f6b18b363c055601d417ad7693be5
SHA512: a9a896237a87bfcfdab0be6d445d730647afa51c48b29826d5dcec27ada75a9325300fd6cd4af673f856cca173285def4aa9f6973e0bca34c3dd4751ee4e9e79
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext