General
Target: 7af4925ef23c08cc12eb4aa6822f8d46c01d829cc32462a55d23ffec0c7c6e11.exe
Size: 577KB
Sample: 220521-yhwegschh3
MD5: 0218bbe4e887492ff4e48d646513da04
SHA1: 82bd2d0206c767abeb19090e54bbdc7811860900
SHA256: 7af4925ef23c08cc12eb4aa6822f8d46c01d829cc32462a55d23ffec0c7c6e11
SHA512: 6e2c446f7f2a0b14b5db3f7cc5d1ff9de63ebc8298393f1631535ba60d63a57d2b2826775453486c8ced34732230fb6289f074f4f27dba64c17cae8c9a26771c
Static task: static1
Behavioral task: behavioral1
Sample: 7af4925ef23c08cc12eb4aa6822f8d46c01d829cc32462a55d23ffec0c7c6e11.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
- http://198.187.30.47/p.php?id=21645050038542306
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: 7af4925ef23c08cc12eb4aa6822f8d46c01d829cc32462a55d23ffec0c7c6e11.exe
Size: 577KB
MD5: 0218bbe4e887492ff4e48d646513da04
SHA1: 82bd2d0206c767abeb19090e54bbdc7811860900
SHA256: 7af4925ef23c08cc12eb4aa6822f8d46c01d829cc32462a55d23ffec0c7c6e11
SHA512: 6e2c446f7f2a0b14b5db3f7cc5d1ff9de63ebc8298393f1631535ba60d63a57d2b2826775453486c8ced34732230fb6289f074f4f27dba64c17cae8c9a26771c
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext