General
Target: c2c808c542919d6233478ff34b1e7224cfb16773061ee86bf46222a86523c328.exe
Size: 513KB
Sample: 220521-yhx83sdab9
MD5: 58e4fdf82b528753891c2090610bd154
SHA1: de7c76a84282e9ee766360259632ce900a569611
SHA256: c2c808c542919d6233478ff34b1e7224cfb16773061ee86bf46222a86523c328
SHA512: fdcac8bb124d0fa1fb083316c8c9ad3a328a0e748599f0f345cc2b3dcd2b5cc28c19bc0048c031e5e18535835de0be19e642bacf4f4cc04260750039d83d8e41
Static task: static1
Behavioral task: behavioral1
Sample: c2c808c542919d6233478ff34b1e7224cfb16773061ee86bf46222a86523c328.exe
Resource: win7-20220414-en
Malware Config
Extracted family: lokibot
Extracted URLs:
http://198.187.30.47/p.php?id=7124741524802130
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: c2c808c542919d6233478ff34b1e7224cfb16773061ee86bf46222a86523c328.exe
Size: 513KB
MD5: 58e4fdf82b528753891c2090610bd154
SHA1: de7c76a84282e9ee766360259632ce900a569611
SHA256: c2c808c542919d6233478ff34b1e7224cfb16773061ee86bf46222a86523c328
SHA512: fdcac8bb124d0fa1fb083316c8c9ad3a328a0e748599f0f345cc2b3dcd2b5cc28c19bc0048c031e5e18535835de0be19e642bacf4f4cc04260750039d83d8e41
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext