General
Target: 3957b6a56a5001b703e3572bea8c8e23a5f867d81a766195296d2324df93ba6a.exe
Size: 596KB
Sample: 220521-yhwegsgbcr
MD5: f0283060c7f33e45c0f7c736103e9528
SHA1: 948ee5aefdb44847da53057358bdbd7a34c3000b
SHA256: 3957b6a56a5001b703e3572bea8c8e23a5f867d81a766195296d2324df93ba6a
SHA512: b1b63e85a9b9873dcf522d61a9d46c55d9f8483b9e1163de90448291397632e88c40513cc851a0e6d769dd23cc3afa4d37edda60903b3f784c7a47d1f35d0f82
Static task: static1
Behavioral task: behavioral1
Sample: 3957b6a56a5001b703e3572bea8c8e23a5f867d81a766195296d2324df93ba6a.exe
Resource: win7-20220414-en
Malware Config
Extracted
lokibot
http://198.187.30.47/p.php?id=16819775001048824
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 3957b6a56a5001b703e3572bea8c8e23a5f867d81a766195296d2324df93ba6a.exe
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext